1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Need help with white smoke infection

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2011/02/04.

Page 1 of 2
  1. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    [Resolved] Need help with white smoke infection

    I have a friend's laptop that keeps getting something called white smoke translator. Malwarebytes and Superantispyware seem to clean it up but it comes back. I'm including the required logs;

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5677

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/4/2011 1:37:17 PM
    mbam-log-2011-02-04 (13-37-17).txt

    Scan type: Quick scan
    Objects scanned: 145103
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 21

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmokeTranslator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Windows\System32\config\systemprofile\AppData\Roaming\palladium.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Startup\launch whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\asdfasfas.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\program files\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\program files\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\registration.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\uninstall.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke translator\whitesmoke translator.lnk (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\0x0409.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\config.txt (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data1.hdr (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\data2.cab (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\ISSetup.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\layout.bin (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.inx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.iss (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
    c:\Windows\System32\config\systemprofile\AppData\Roaming\whitesmokesetup\setup.ocx (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 199):
    0x82E50000 \SystemRoot\system32\ntkrnlpa.exe
    0x82E19000 \SystemRoot\system32\halmacpi.dll
    0x86770000 \SystemRoot\system32\kdcom.dll
    0x83418000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x83423000 \SystemRoot\system32\PSHED.dll
    0x83434000 \SystemRoot\system32\BOOTVID.dll
    0x8343C000 \SystemRoot\system32\CLFS.SYS
    0x8347E000 \SystemRoot\system32\CI.dll
    0x83529000 \SystemRoot\System32\drivers\ihwjaxy.sys
    0x83537000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x835A8000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x835B6000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x83400000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x83409000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x83600000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8362A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x83635000 \SystemRoot\System32\drivers\partmgr.sys
    0x83646000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x83656000 \SystemRoot\System32\drivers\volmgrx.sys
    0x836A1000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x836A8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x836B6000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x836BE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x836C9000 \SystemRoot\System32\drivers\mountmgr.sys
    0x836DF000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x836E8000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8370B000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x83714000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83748000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AA09000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB38000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8AB63000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AB76000 \SystemRoot\System32\Drivers\cng.sys
    0x8ABD3000 \SystemRoot\System32\drivers\pcw.sys
    0x8ABE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8AC20000 \SystemRoot\system32\drivers\ndis.sys
    0x8ACD7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AD15000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AE16000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AF5F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AF90000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AFCF000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AD3A000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8AFD7000 \SystemRoot\System32\Drivers\mup.sys
    0x8AFE7000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8AD67000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8AFEF000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8AD99000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8ADDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8ADF9000 \SystemRoot\System32\Drivers\Null.SYS
    0x8AC00000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8AC07000 \SystemRoot\System32\drivers\vga.sys
    0x83759000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8AC13000 \SystemRoot\System32\drivers\watchdog.sys
    0x8ABEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8ABF2000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8AA00000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8377A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x83785000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x83793000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x837AA000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x837B5000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x9002D000 \SystemRoot\system32\drivers\afd.sys
    0x90087000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x9008C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x900BE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x900C5000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x900E4000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x900F5000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x90103000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x90116000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x90126000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x90148000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x9014E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9018F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90199000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x901A3000 \SystemRoot\System32\drivers\discache.sys
    0x901AF000 \SystemRoot\System32\Drivers\dfsc.sys
    0x901C7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x90838000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x9087F000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x908A0000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x908B1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x908BA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x908D2000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x908D7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x908E4000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90914000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90916000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90923000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90927000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x9092F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x90939000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x90984000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90993000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x90432000 \SystemRoot\system32\DRIVERS\nvm62x32.sys
    0x91C3B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x92592000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x90487000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x92594000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x9400A000 \SystemRoot\system32\DRIVERS\athr.sys
    0x9411A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x94124000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x94131000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x94143000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9415B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x94166000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x94188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x941A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x941B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x941CE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x91C00000 \SystemRoot\system32\DRIVERS\ks.sys
    0x941D0000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9053E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x941DE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90582000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x925CD000 \SystemRoot\system32\drivers\portcls.sys
    0x905BD000 \SystemRoot\system32\drivers\drmk.sys
    0x909B2000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8260B000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8270E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x827C3000 \SystemRoot\system32\drivers\modem.sys
    0x827D0000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x827DE000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x905D6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x90400000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x95CF0000 \SystemRoot\System32\win32k.sys
    0x827F1000 \SystemRoot\System32\drivers\Dxapi.sys
    0x941EF000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x82600000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x94000000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x905ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x90424000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95F50000 \SystemRoot\System32\TSDDD.dll
    0x95F80000 \SystemRoot\System32\cdd.dll
    0x95FA0000 \SystemRoot\System32\ATMFD.DLL
    0x90800000 \SystemRoot\system32\drivers\luafv.sys
    0x837BF000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x827FB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9081B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x909F0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9D415000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9D45B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9D46B000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9D47E000 \SystemRoot\system32\drivers\HTTP.sys
    0x9D503000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9D51C000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D52E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9D551000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9D58C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D5BF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA123D000 \SystemRoot\system32\drivers\peauth.sys
    0xA12D4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA12DE000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA12FF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA130C000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xA1314000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA1363000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAAE6B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xAAE74000 \??\C:\Users\JUDITH~1\AppData\Local\Temp\aftirkob.sys
    0x77300000 \Windows\System32\ntdll.dll
    0x482D0000 \Windows\System32\smss.exe
    0x77540000 \Windows\System32\apisetschema.dll
    0x00730000 \Windows\System32\autochk.exe
    0x774F0000 \Windows\System32\ws2_32.dll
    0x77460000 \Windows\System32\oleaut32.dll
    0x77270000 \Windows\System32\clbcatq.dll
    0x77220000 \Windows\System32\Wldap32.dll
    0x77120000 \Windows\System32\wininet.dll
    0x77070000 \Windows\System32\rpcrt4.dll
    0x77450000 \Windows\System32\psapi.dll
    0x76FA0000 \Windows\System32\user32.dll
    0x76F00000 \Windows\System32\advapi32.dll
    0x76E60000 \Windows\System32\usp10.dll
    0x76E00000 \Windows\System32\shlwapi.dll
    0x76DA0000 \Windows\System32\difxapi.dll
    0x76D70000 \Windows\System32\imagehlp.dll
    0x76BD0000 \Windows\System32\setupapi.dll
    0x76AF0000 \Windows\System32\kernel32.dll
    0x76AD0000 \Windows\System32\imm32.dll
    0x768D0000 \Windows\System32\iertutil.dll
    0x76800000 \Windows\System32\msctf.dll
    0x76780000 \Windows\System32\comdlg32.dll
    0x766D0000 \Windows\System32\msvcrt.dll
    0x766B0000 \Windows\System32\sechost.dll
    0x75A60000 \Windows\System32\shell32.dll
    0x77440000 \Windows\System32\lpk.dll
    0x75A50000 \Windows\System32\nsi.dll
    0x75A00000 \Windows\System32\gdi32.dll
    0x758C0000 \Windows\System32\urlmon.dll
    0x758B0000 \Windows\System32\normaliz.dll
    0x75750000 \Windows\System32\ole32.dll
    0x75730000 \Windows\System32\devobj.dll
    0x756A0000 \Windows\System32\comctl32.dll
    0x75670000 \Windows\System32\cfgmgr32.dll
    0x75640000 \Windows\System32\wintrust.dll
    0x75520000 \Windows\System32\crypt32.dll
    0x754D0000 \Windows\System32\KernelBase.dll
    0x754C0000 \Windows\System32\msasn1.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    388 csrss.exe
    448 C:\Windows\System32\wininit.exe
    456 csrss.exe
    496 C:\Windows\System32\services.exe
    512 C:\Windows\System32\lsass.exe
    520 C:\Windows\System32\lsm.exe
    632 C:\Windows\System32\svchost.exe
    656 C:\Windows\System32\winlogon.exe
    752 C:\Windows\System32\nvvsvc.exe
    792 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\nvvsvc.exe
    1280 C:\Windows\System32\svchost.exe
    1412 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1420 C:\Windows\System32\dwm.exe
    1452 C:\Windows\explorer.exe
    1804 C:\Windows\System32\spoolsv.exe
    1812 C:\Windows\System32\taskeng.exe
    1820 C:\Windows\System32\taskhost.exe
    1880 C:\Windows\System32\rundll32.exe
    1956 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\dlbtcoms.exe
    584 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1496 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2056 C:\Windows\System32\svchost.exe
    2152 C:\Windows\System32\svchost.exe
    2200 C:\Program Files\SMINST\BLService.exe
    2228 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    2264 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2328 C:\Windows\System32\svchost.exe
    2372 C:\Windows\System32\drivers\XAudio.exe
    2868 C:\Windows\System32\svchost.exe
    3108 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    3204 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3412 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3448 C:\Program Files\AWS\WeatherBug\Weather.exe
    3464 C:\Windows\ehome\ehmsas.exe
    3500 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3508 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    3732 C:\Windows\System32\SearchIndexer.exe
    3864 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3972 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    4040 WmiPrvSE.exe
    3040 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    3188 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    296 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3268 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    504 C:\Windows\System32\ctfmon.exe
    964 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    2676 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    1752 C:\Windows\System32\wuauclt.exe
    3612 C:\Windows\System32\taskeng.exe
    2356 C:\Windows\System32\audiodg.exe
    1756 C:\Users\judithwright\Desktop\MBRCheck.exe
    3484 C:\Windows\System32\conhost.exe
    2788 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cac00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320320AS, Rev: HP07

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
    BillB,
    #1
  2. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-04 14:08:43
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort3 ST9320320AS rev.HP07
    Running: 2b0nx59p.exe; Driver: C:\Users\JUDITH~1\AppData\Local\Temp\aftirkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90841728]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x908417D8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90841870]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9085582E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90855652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9085578C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E93599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82EBF74C 4 Bytes [28, 17, 84, 90]
    .text ntkrnlpa.exe!RtlSidHashLookup + 3FC 82EBF90C 4 Bytes [D8, 17, 84, 90]
    .text ntkrnlpa.exe!RtlSidHashLookup + 54C 82EBFA5C 4 Bytes [70, 18, 84, 90]
    PAGE ntkrnlpa.exe!ZwLoadDriver 82FF1291 7 Bytes JMP 90855790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83058FBF 5 Bytes JMP 908511EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 83072CF3 5 Bytes JMP 90852CA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 83080D63 7 Bytes JMP 90855656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 8312AEAC 7 Bytes JMP 90855832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\drivers\ihwjaxy.sys The system cannot find the path specified. !
    PAGE peauth.sys A124902C 102 Bytes JMP BCFF7CB9
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AAE1E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AAE1E123 629 Bytes [95, E1, AA, FE, 05, 34, 95, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 AAE1E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F AAE1E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 543B AAE1E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
    PAGE ...
    .text user32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0
    .text user32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0
    .text user32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30
    .text user32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720
    .text user32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[296] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\dlbtcoms.exe[304] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[496] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[512] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[520] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[584] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[632] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[752] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[792] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[848] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[920] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\sppsvc.exe[960] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 77345380 5 Bytes JMP 0092000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 77345F00 5 Bytes JMP 0093000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 0091000A
    .text C:\Windows\system32\svchost.exe[988] ole32.dll!CoCreateInstance 757A590C 5 Bytes JMP 00CC000A
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\nvvsvc.exe[1152] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] USER32.dll!UnhookWindowsHookEx
     
    BillB,
    #2


  3. to hide this advert.

  4. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    .text C:\Windows\system32\taskeng.exe[1224] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1224] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1412] kernel32.dll!SetUnhandledExceptionFilter 76B43162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\Dwm.exe[1420] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[1452] ntdll.dll!NtProtectVirtualMemory 77345380 5 Bytes JMP 003A000A
    .text C:\Windows\Explorer.EXE[1452] ntdll.dll!NtWriteVirtualMemory 77345F00 5 Bytes JMP 005C000A
    .text C:\Windows\Explorer.EXE[1452] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 0034000A
    .text C:\Windows\Explorer.EXE[1452] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[1452] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[1452] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[1452] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[1452] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1496] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wuauclt.exe[1752] ntdll.dll!NtProtectVirtualMemory 77345380 5 Bytes JMP 0123000A
    .text C:\Windows\system32\wuauclt.exe[1752] ntdll.dll!NtWriteVirtualMemory 77345F00 5 Bytes JMP 0139000A
    .text C:\Windows\system32\wuauclt.exe[1752] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 011E000A
    .text C:\Windows\system32\wuauclt.exe[1752] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wuauclt.exe[1752] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wuauclt.exe[1752] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wuauclt.exe[1752] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wuauclt.exe[1752] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[1804] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskeng.exe[1812] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\rundll32.exe[1880] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2056] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2152] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\SMINST\BLService.exe[2200] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2228] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2264] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2328] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2372] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[2868] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\servicing\TrustedInstaller.exe[2900] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3008] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3040] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3108] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] ntdll.dll!LdrUnloadDll
     
    BillB,
    #3
  5. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3188] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3412] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\AWS\WeatherBug\Weather.exe[3448] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\ehome\ehmsas.exe[3464] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3500] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3508] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\judithwright\Desktop\2b0nx59p.exe[3564] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[3732] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3864] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3972] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] ntdll.dll!LdrUnloadDll 7735BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] ntdll.dll!LdrLoadDll 7735F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] USER32.dll!UnhookWindowsHookEx 76FACC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] USER32.dll!UnhookWinEvent 76FAD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] USER32.dll!SetWindowsHookExW 76FB210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] USER32.dll!SetWinEventHook 76FB507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wbem\wmiprvse.exe[4040] USER32.dll!SetWindowsHookExA 76FD6DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74002494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FE5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FE56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7400250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FF8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FF4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FF50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FF51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73FF66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FF82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FF8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FF907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FFE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FF4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[1880] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753A5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IdeDeviceP3T0L0-5 -> \??\IDE#DiskST9320320AS_____________________________HP07____#5&b0fd174&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
     
    BillB,
    #4
  6. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by judithwright at 14:10:16.05 on Fri 02/04/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1855 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\dlbtcoms.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\ctfmon.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\judithwright\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Serif Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Serif Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\judith~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: judiwrightartgallery.com\www
    Trusted Zone: vistaprint.com\www
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\judith~1\appdata\roaming\mozilla\firefox\profiles\iip4jjx9.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13842&l=dis
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SRFV5&o=13840&locale=en_US&apn_uid=E187B884-6B13-4DD0-84BD-DFB3D85BE8F4&apn_ptnrs=SJ&apn_sauid=B5B7AA4A-95D7-402B-ACDD-BFD65C1C30F5&apn_dtid=YYYYYYYYUS&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Serif Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-8 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-8 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-8 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-16 40384]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-19 1343400]

    =============== Created Last 30 ================

    2011-02-04 18:28:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-04 18:28:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-17 18:33:42 141824 --sha-r- c:\windows\system32\C_10006S.dll
    2011-01-12 14:03:53 -------- d-----w- c:\program files\WOT
    2011-01-10 20:09:31 -------- d-----w- c:\users\judith~1\appdata\local\Windows Live
    2011-01-10 17:34:05 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-10 17:33:03 -------- d-----w- c:\progra~2\Alwil Software
    2011-01-10 16:44:09 -------- d-----w- c:\users\judith~1\appdata\roaming\SUPERAntiSpyware.com
    2011-01-10 16:44:09 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-10 16:44:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-10 16:42:27 -------- d-----w- c:\program files\SpywareBlaster
    2011-01-07 23:46:07 -------- d-----w- c:\program files\common files\HP

    ==================== Find3M ====================

    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: ST9320320AS rev.HP07 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-5

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x863AC735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863b2990]; MOV EAX, [0x863b2a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82E8C458] -> \Device\Harddisk0\DR0[0x86391188]
    3 CLASSPNP[0x8AD9D59E] -> ntkrnlpa!IofCallDriver[0x82E8C458] -> [0x862958B8]
    5 ACPI[0x835BF3B2] -> ntkrnlpa!IofCallDriver[0x82E8C458] -> \IdeDeviceP3T0L0-5[0x86277908]
    \Driver\atapi[0x86394838] -> IRP_MJ_CREATE -> 0x863AC735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP3T0L0-5 -> \??\IDE#DiskST9320320AS_____________________________HP07____#5&b0fd174&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 14:11:12.18 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/16/2009 12:24:46 PM
    System Uptime: 2/4/2011 1:38:43 PM (1 hours ago)

    Motherboard: Wistron | | 303C
    Processor: AMD Turion Dual-Core RM-75 | Socket A | 2200/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 287 GiB total, 216.057 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.809 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP115: 9/11/2010 2:34:19 PM - Installed Serif PhotoPlus SE
    RP116: 9/14/2010 10:10:56 AM - Windows Update
    RP117: 9/15/2010 8:35:31 PM - Windows Update
    RP118: 9/18/2010 9:30:15 AM - Windows Update
    RP119: 9/22/2010 2:49:58 PM - Windows Update
    RP120: 9/24/2010 9:33:01 AM - Windows Update
    RP121: 10/1/2010 1:27:19 PM - Windows Update
    RP122: 10/1/2010 1:52:06 PM - Windows Update
    RP123: 10/2/2010 10:30:23 AM - Windows Update
    RP124: 10/5/2010 7:44:24 PM - Windows Update
    RP125: 10/5/2010 9:39:10 PM - Windows Update
    RP126: 10/8/2010 7:31:45 PM - Windows Update
    RP127: 10/15/2010 1:29:32 PM - Windows Update
    RP128: 10/15/2010 3:37:39 PM - Windows Update
    RP129: 10/18/2010 7:08:08 PM - Windows Update
    RP130: 10/19/2010 5:17:46 PM - Windows Update
    RP131: 10/22/2010 7:10:38 PM - Windows Update
    RP132: 10/26/2010 8:47:44 PM - Windows Update
    RP133: 10/26/2010 9:01:04 PM - Windows Update
    RP134: 10/27/2010 8:48:38 PM - Windows Update
    RP135: 11/2/2010 11:48:01 AM - Windows Update
    RP136: 11/4/2010 6:55:55 PM - Windows Update
    RP137: 11/5/2010 5:07:45 PM - Windows Update
    RP138: 11/12/2010 7:13:52 PM - Windows Update
    RP139: 11/12/2010 8:28:46 PM - Windows Update
    RP140: 11/16/2010 7:37:09 PM - Windows Update
    RP141: 11/19/2010 1:42:34 PM - Windows Update
    RP142: 11/23/2010 6:54:57 PM - Windows Update
    RP143: 11/23/2010 9:01:26 PM - Windows Update
    RP144: 11/26/2010 5:40:59 AM - Windows Update
    RP145: 12/2/2010 11:04:21 AM - Windows Update
    RP146: 12/3/2010 7:02:27 PM - Windows Update
    RP147: 12/8/2010 4:14:10 PM - Windows Update
    RP148: 12/10/2010 6:32:47 PM - Windows Update
    RP149: 12/14/2010 7:11:39 PM - Windows Update
    RP150: 12/14/2010 10:25:08 PM - Windows Update
    RP151: 12/17/2010 4:33:57 PM - Windows Update
    RP152: 12/21/2010 9:16:36 PM - Windows Update
    RP153: 12/26/2010 5:27:27 AM - Windows Update
    RP154: 12/28/2010 7:54:04 PM - Windows Update
    RP155: 12/30/2010 2:07:17 PM - Windows Update
    RP156: 12/31/2010 11:16:03 AM - Windows Update
    RP157: 1/5/2011 1:48:07 PM - Windows Update
    RP158: 1/6/2011 9:09:39 PM - Windows Update
    RP159: 1/7/2011 6:43:00 PM - Removed Scan
    RP160: 1/7/2011 6:44:26 PM - Removed Destinations
    RP161: 1/7/2011 6:45:17 PM - Installed Scan
    RP162: 1/7/2011 6:47:16 PM - Installed Destinations
    RP163: 1/10/2011 12:33:31 PM - avast! Free Antivirus Setup
    RP164: 1/10/2011 3:04:43 PM - B4updys
    RP165: 1/10/2011 3:05:52 PM - Windows Update
    RP166: 1/12/2011 9:03:19 AM - Installed WOT for Internet Explorer
    RP167: 1/19/2011 9:30:43 PM - Scheduled Checkpoint

    ==== Installed Programs ======================


    32 Bit HP CIO Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Adobe Shockwave Player
    Ask Toolbar
    Atheros Driver Installation Program
    avast! Free Antivirus
    BufferChm
    C4600
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    Destinations
    DeviceDiscovery
    ESU for Microsoft Vista
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 13.0
    HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
    HP Quick Launch Buttons 6.40 H2
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    hpWLPGInstaller
    Internet Explorer (Enable DEP)
    iSEEK AnswerWorks English Runtime
    Java(TM) 6 Update 7
    Junk Mail filter update
    Juno Preloader
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    My HP Games
    NetWaiting
    NetZero Preloader
    Norton Internet Security
    NVIDIA Drivers
    Picasa 3
    Power2Go
    PowerDirector
    PS_AIO_05_C4600_Software_Min
    PVSonyDll
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Serif PhotoPlus SE
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    SPORE Creature Creator Trial Edition
    SpywareBlaster 4.4
    Status
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    TurboTax 2009
    TurboTax 2009 waliper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax 2009 wsciper
    TurboTax 2009 wvaiper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WeatherBug
    WebReg
    Whitesmoke Translator
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    WinZip
    WOT for Internet Explorer
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    2/4/2011 1:27:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/4/2011 1:14:26 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/4/2011 1:10:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2/4/2011 1:09:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/4/2011 1:08:32 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/2/2011 9:53:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    2/2/2011 7:20:46 PM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
    1/30/2011 7:14:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

    ==== End Of File ===========================
     
    BillB,
    #5
  7. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    We have a rootkit here as well.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
    broni,
    #6
  8. 2011/02/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Hi Broni, here's the log;

    2011/02/04 16:29:02.0007 2844 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/04 16:29:02.0210 2844 ================================================================================
    2011/02/04 16:29:02.0210 2844 SystemInfo:
    2011/02/04 16:29:02.0210 2844
    2011/02/04 16:29:02.0210 2844 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/04 16:29:02.0210 2844 Product type: Workstation
    2011/02/04 16:29:02.0210 2844 ComputerName: JUDITHWRIGHT-PC
    2011/02/04 16:29:02.0210 2844 UserName: judithwright
    2011/02/04 16:29:02.0210 2844 Windows directory: C:\Windows
    2011/02/04 16:29:02.0210 2844 System windows directory: C:\Windows
    2011/02/04 16:29:02.0210 2844 Processor architecture: Intel x86
    2011/02/04 16:29:02.0210 2844 Number of processors: 2
    2011/02/04 16:29:02.0210 2844 Page size: 0x1000
    2011/02/04 16:29:02.0210 2844 Boot type: Normal boot
    2011/02/04 16:29:02.0210 2844 ================================================================================
    2011/02/04 16:29:02.0834 2844 Initialize success
    2011/02/04 16:29:10.0525 2224 ================================================================================
    2011/02/04 16:29:10.0525 2224 Scan started
    2011/02/04 16:29:10.0525 2224 Mode: Manual;
    2011/02/04 16:29:10.0525 2224 ================================================================================
    2011/02/04 16:29:12.0802 2224 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/04 16:29:12.0927 2224 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/04 16:29:13.0052 2224 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/04 16:29:13.0208 2224 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/04 16:29:13.0348 2224 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/04 16:29:13.0426 2224 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/04 16:29:13.0582 2224 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2011/02/04 16:29:13.0660 2224 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/04 16:29:13.0723 2224 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    2011/02/04 16:29:13.0863 2224 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/04 16:29:13.0941 2224 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
    2011/02/04 16:29:13.0972 2224 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/04 16:29:14.0097 2224 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/04 16:29:14.0206 2224 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/04 16:29:14.0347 2224 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/04 16:29:14.0409 2224 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/04 16:29:14.0487 2224 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/04 16:29:14.0596 2224 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2011/02/04 16:29:14.0737 2224 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/04 16:29:14.0830 2224 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/04 16:29:14.0971 2224 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/02/04 16:29:15.0064 2224 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/02/04 16:29:15.0127 2224 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
    2011/02/04 16:29:15.0314 2224 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
    2011/02/04 16:29:15.0376 2224 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
    2011/02/04 16:29:15.0532 2224 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/04 16:29:15.0595 2224 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/04 16:29:15.0829 2224 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
    2011/02/04 16:29:16.0203 2224 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/02/04 16:29:16.0359 2224 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/02/04 16:29:16.0656 2224 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/02/04 16:29:16.0921 2224 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/04 16:29:16.0952 2224 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/04 16:29:17.0030 2224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/04 16:29:17.0092 2224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/04 16:29:17.0233 2224 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/04 16:29:17.0295 2224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/04 16:29:17.0358 2224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/04 16:29:17.0404 2224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/04 16:29:17.0467 2224 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/04 16:29:17.0592 2224 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/04 16:29:17.0748 2224 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/04 16:29:17.0919 2224 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/04 16:29:17.0997 2224 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/02/04 16:29:18.0200 2224 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/04 16:29:18.0262 2224 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/04 16:29:18.0309 2224 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/02/04 16:29:18.0450 2224 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
    2011/02/04 16:29:18.0543 2224 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/04 16:29:18.0699 2224 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/04 16:29:18.0808 2224 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/04 16:29:19.0074 2224 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/04 16:29:19.0152 2224 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/02/04 16:29:19.0276 2224 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/04 16:29:19.0479 2224 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/02/04 16:29:19.0542 2224 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/02/04 16:29:19.0588 2224 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/02/04 16:29:19.0713 2224 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/04 16:29:19.0807 2224 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/04 16:29:20.0072 2224 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/02/04 16:29:20.0290 2224 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/04 16:29:20.0368 2224 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/04 16:29:20.0540 2224 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/02/04 16:29:20.0602 2224 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/02/04 16:29:20.0743 2224 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/04 16:29:20.0852 2224 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/04 16:29:20.0899 2224 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/02/04 16:29:20.0930 2224 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/04 16:29:21.0039 2224 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/04 16:29:21.0117 2224 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/04 16:29:21.0148 2224 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/04 16:29:21.0273 2224 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/04 16:29:21.0414 2224 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/04 16:29:21.0616 2224 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/04 16:29:21.0679 2224 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/02/04 16:29:21.0726 2224 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/04 16:29:21.0788 2224 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/04 16:29:21.0897 2224 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/04 16:29:22.0069 2224 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/02/04 16:29:22.0334 2224 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2011/02/04 16:29:22.0506 2224 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/02/04 16:29:22.0693 2224 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    2011/02/04 16:29:22.0818 2224 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    2011/02/04 16:29:22.0974 2224 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2011/02/04 16:29:23.0083 2224 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/04 16:29:23.0254 2224 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/02/04 16:29:23.0410 2224 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/02/04 16:29:23.0535 2224 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/04 16:29:23.0629 2224 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
    2011/02/04 16:29:23.0769 2224 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/04 16:29:23.0972 2224 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/02/04 16:29:24.0159 2224 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/02/04 16:29:24.0237 2224 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/02/04 16:29:24.0378 2224 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/02/04 16:29:24.0440 2224 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/02/04 16:29:24.0534 2224 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/02/04 16:29:24.0674 2224 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/02/04 16:29:24.0799 2224 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/02/04 16:29:24.0877 2224 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2011/02/04 16:29:24.0955 2224 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/02/04 16:29:25.0173 2224 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/02/04 16:29:25.0360 2224 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/02/04 16:29:25.0423 2224 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/02/04 16:29:25.0470 2224 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/02/04 16:29:25.0516 2224 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/02/04 16:29:25.0626 2224 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/02/04 16:29:25.0797 2224 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    2011/02/04 16:29:25.0860 2224 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/02/04 16:29:25.0969 2224 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/02/04 16:29:26.0062 2224 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/02/04 16:29:26.0187 2224 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/02/04 16:29:26.0312 2224 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/02/04 16:29:26.0421 2224 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/02/04 16:29:26.0484 2224 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2011/02/04 16:29:26.0562 2224 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
    2011/02/04 16:29:26.0624 2224 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/02/04 16:29:26.0702 2224 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2011/02/04 16:29:26.0842 2224 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/02/04 16:29:26.0905 2224 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/02/04 16:29:26.0952 2224 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/02/04 16:29:27.0014 2224 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2011/02/04 16:29:27.0076 2224 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/02/04 16:29:27.0186 2224 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/02/04 16:29:27.0248 2224 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/02/04 16:29:27.0310 2224 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/02/04 16:29:27.0435 2224 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/04 16:29:27.0498 2224 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/04 16:29:27.0544 2224 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/04 16:29:27.0591 2224 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/04 16:29:27.0638 2224 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/02/04 16:29:27.0685 2224 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/04 16:29:27.0732 2224 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/02/04 16:29:27.0763 2224 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/02/04 16:29:27.0966 2224 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/02/04 16:29:28.0168 2224 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2011/02/04 16:29:28.0340 2224 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/02/04 16:29:28.0465 2224 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/02/04 16:29:28.0590 2224 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/02/04 16:29:28.0652 2224 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/02/04 16:29:28.0699 2224 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2011/02/04 16:29:28.0839 2224 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/02/04 16:29:28.0917 2224 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2011/02/04 16:29:29.0136 2224 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/02/04 16:29:29.0245 2224 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/02/04 16:29:29.0338 2224 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/02/04 16:29:29.0463 2224 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2011/02/04 16:29:29.0604 2224 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/02/04 16:29:29.0791 2224 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
    2011/02/04 16:29:29.0916 2224 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
    2011/02/04 16:29:30.0337 2224 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/02/04 16:29:30.0742 2224 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/02/04 16:29:30.0883 2224 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
    2011/02/04 16:29:30.0976 2224 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/02/04 16:29:31.0054 2224 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/02/04 16:29:31.0164 2224 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/02/04 16:29:31.0304 2224 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/02/04 16:29:31.0351 2224 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2011/02/04 16:29:31.0413 2224 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/02/04 16:29:31.0491 2224 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2011/02/04 16:29:31.0554 2224 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
    2011/02/04 16:29:31.0647 2224 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/02/04 16:29:31.0741 2224 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/02/04 16:29:31.0819 2224 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/02/04 16:29:32.0256 2224 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/02/04 16:29:32.0334 2224 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/02/04 16:29:32.0568 2224 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/02/04 16:29:32.0677 2224 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/02/04 16:29:32.0786 2224 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/02/04 16:29:32.0848 2224 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/02/04 16:29:32.0926 2224 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/02/04 16:29:33.0051 2224 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/02/04 16:29:33.0129 2224 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/02/04 16:29:33.0270 2224 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/02/04 16:29:33.0348 2224 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/02/04 16:29:33.0410 2224 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/02/04 16:29:33.0488 2224 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/02/04 16:29:33.0535 2224 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/02/04 16:29:33.0660 2224 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/02/04 16:29:33.0738 2224 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/02/04 16:29:33.0800 2224 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2011/02/04 16:29:33.0972 2224 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2011/02/04 16:29:34.0237 2224 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/02/04 16:29:34.0408 2224 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
    2011/02/04 16:29:34.0596 2224 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/02/04 16:29:34.0720 2224 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/02/04 16:29:34.0908 2224 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/02/04 16:29:35.0001 2224 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/02/04 16:29:35.0204 2224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/02/04 16:29:35.0376 2224 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/02/04 16:29:35.0454 2224 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/02/04 16:29:35.0500 2224 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/02/04 16:29:35.0578 2224 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/02/04 16:29:35.0610 2224 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/02/04 16:29:35.0656 2224 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/02/04 16:29:35.0703 2224 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/02/04 16:29:35.0766 2224 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
    2011/02/04 16:29:35.0859 2224 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/02/04 16:29:35.0922 2224 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/02/04 16:29:36.0031 2224 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/02/04 16:29:36.0218 2224 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/02/04 16:29:36.0468 2224 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2011/02/04 16:29:36.0639 2224 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2011/02/04 16:29:36.0717 2224 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/02/04 16:29:36.0858 2224 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/02/04 16:29:36.0982 2224 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2011/02/04 16:29:37.0123 2224 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/02/04 16:29:37.0388 2224 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2011/02/04 16:29:37.0622 2224 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/02/04 16:29:37.0794 2224 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2011/02/04 16:29:37.0856 2224 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2011/02/04 16:29:37.0903 2224 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2011/02/04 16:29:37.0965 2224 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2011/02/04 16:29:37.0996 2224 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/02/04 16:29:38.0199 2224 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/02/04 16:29:38.0355 2224 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/02/04 16:29:38.0418 2224 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/02/04 16:29:38.0480 2224 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2011/02/04 16:29:38.0698 2224 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/02/04 16:29:38.0808 2224 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2011/02/04 16:29:38.0932 2224 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/02/04 16:29:39.0042 2224 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/02/04 16:29:39.0120 2224 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/02/04 16:29:39.0198 2224 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/02/04 16:29:39.0354 2224 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/02/04 16:29:39.0432 2224 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/02/04 16:29:39.0588 2224 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/02/04 16:29:39.0666 2224 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/02/04 16:29:39.0728 2224 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/02/04 16:29:39.0775 2224 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/02/04 16:29:39.0946 2224 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
    2011/02/04 16:29:40.0149 2224 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/02/04 16:29:40.0243 2224 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/02/04 16:29:40.0321 2224 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/02/04 16:29:40.0383 2224 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/02/04 16:29:40.0508 2224 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2011/02/04 16:29:40.0602 2224 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/02/04 16:29:40.0680 2224 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2011/02/04 16:29:40.0758 2224 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/02/04 16:29:40.0820 2224 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/02/04 16:29:40.0898 2224 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/02/04 16:29:41.0054 2224 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/02/04 16:29:41.0194 2224 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/02/04 16:29:41.0366 2224 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/02/04 16:29:41.0460 2224 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/02/04 16:29:41.0616 2224 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/04 16:29:41.0709 2224 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/02/04 16:29:41.0974 2224 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/02/04 16:29:42.0052 2224 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/02/04 16:29:42.0318 2224 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/02/04 16:29:42.0364 2224 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/02/04 16:29:42.0442 2224 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    2011/02/04 16:29:42.0786 2224 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/02/04 16:29:42.0973 2224 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/02/04 16:29:43.0113 2224 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/02/04 16:29:43.0207 2224 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2011/02/04 16:29:43.0238 2224 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/02/04 16:29:43.0394 2224 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    2011/02/04 16:29:43.0581 2224 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/04 16:29:43.0675 2224 ================================================================================
    2011/02/04 16:29:43.0675 2224 Scan finished
    2011/02/04 16:29:43.0675 2224 ================================================================================
    2011/02/04 16:29:43.0706 3764 Detected object count: 1
    2011/02/04 16:30:00.0460 3764 \HardDisk0 - will be cured after reboot
    2011/02/04 16:30:00.0460 3764 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/04 16:30:19.0352 2168 Deinitialize success
     
    BillB,
    #7
  9. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #8
  10. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    I disabled the Avast shields before running combofix, but it still complained about them being active, not sure if that was a problem or not. Here are the new logs;

    ComboFix 11-01-31.02 - judithwright 02/05/2011 11:13:32.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1969 [GMT -5:00]
    Running from: c:\users\judithwright\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\judithwright\GoToAssistDownloadHelper.exe

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
    .

    2011-02-05 16:20 . 2011-02-05 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 18:28 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-04 18:28 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-17 18:33 . 2011-01-17 18:33 141824 --sha-r- c:\windows\system32\C_10006S.dll
    2011-01-16 00:48 . 2011-01-16 00:48 -------- d-----w- c:\windows\Sun
    2011-01-12 14:03 . 2011-01-12 14:03 -------- d-----w- c:\program files\WOT
    2011-01-10 20:09 . 2011-01-10 20:09 -------- d-----w- c:\users\judithwright\AppData\Local\Windows Live
    2011-01-10 17:34 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-10 17:33 . 2011-01-10 17:33 -------- d-----w- c:\programdata\Alwil Software
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\users\judithwright\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-10 16:42 . 2011-01-12 14:14 -------- d-----w- c:\program files\SpywareBlaster
    2011-01-07 23:46 . 2011-01-07 23:46 -------- d-----w- c:\program files\Common Files\HP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2009-07-09 00:17 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-07-09 00:17 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-07-09 00:18 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2009-07-09 00:18 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-07-09 00:17 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2009-07-09 00:17 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-10 04:33 . 2011-01-05 18:48 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{297A2200-A6F5-41B9-BEE9-A50DF800B7DF}\mpengine.dll
    .
    Code:
    <pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\QuickPlay\QPService .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
</pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\users\judithwright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: judiwrightartgallery.com\www
    Trusted Zone: vistaprint.com\www
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    FF - ProfilePath - c:\users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13842&l=dis
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SRFV5&o=13840&locale=en_US&apn_uid=E187B884-6B13-4DD0-84BD-DFB3D85BE8F4&apn_ptnrs=SJ&apn_sauid=B5B7AA4A-95D7-402B-ACDD-BFD65C1C30F5&apn_dtid=YYYYYYYYUS&q=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Serif Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-05 11:22:50
    ComboFix-quarantined-files.txt 2011-02-05 16:22

    Pre-Run: 231,718,924,288 bytes free
    Post-Run: 231,633,715,200 bytes free

    - - End Of File - - C39116F7542B39E8571059FD5B1A1096


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/05/2011 at 11:25:53.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\runonce.exe


    Rkill completed on 02/05/2011 at 11:26:00.
     
    BillB,
    #9
  11. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Ask Toolbar, known foistware.

    ================================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu .exe
c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu .exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\QuickPlay\QPService .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
    broni,
    #10
  12. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here's the new log;

    ComboFix 11-01-31.02 - judithwright 02/05/2011 12:32:27.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2814.1853 [GMT -5:00]
    Running from: c:\users\judithwright\Desktop\ComboFix.exe
    Command switches used :: c:\users\judithwright\Desktop\CFScript.txt
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
    .

    2011-02-05 17:38 . 2011-02-05 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-04 18:28 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-04 18:28 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-17 18:33 . 2011-01-17 18:33 141824 --sha-r- c:\windows\system32\C_10006S.dll
    2011-01-16 00:48 . 2011-01-16 00:48 -------- d-----w- c:\windows\Sun
    2011-01-12 14:03 . 2011-01-12 14:03 -------- d-----w- c:\program files\WOT
    2011-01-10 20:09 . 2011-01-10 20:09 -------- d-----w- c:\users\judithwright\AppData\Local\Windows Live
    2011-01-10 17:34 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-10 17:33 . 2011-01-10 17:33 -------- d-----w- c:\programdata\Alwil Software
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\users\judithwright\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-01-10 16:44 . 2011-01-10 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-10 16:42 . 2011-01-12 14:14 -------- d-----w- c:\program files\SpywareBlaster
    2011-01-07 23:46 . 2011-01-07 23:46 -------- d-----w- c:\program files\Common Files\HP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2009-07-09 00:17 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2009-07-09 00:17 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2009-07-09 00:18 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2009-07-09 00:18 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2009-07-09 00:17 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2009-07-09 00:17 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-10 04:33 . 2011-01-05 18:48 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{297A2200-A6F5-41B9-BEE9-A50DF800B7DF}\mpengine.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
    "Weather "= "c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "Malwarebytes' Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

    c:\users\judithwright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: judiwrightartgallery.com\www
    Trusted Zone: vistaprint.com\www
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    FF - ProfilePath - c:\users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=13842&l=dis
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-05 12:41:02
    ComboFix-quarantined-files.txt 2011-02-05 17:41
    ComboFix2.txt 2011-02-05 16:22

    Pre-Run: 231,242,637,312 bytes free
    Post-Run: 231,194,099,712 bytes free

    - - End Of File - - 2D8F057E596AE30E9B3A45A81DDC51AD
     
    BillB,
    #11
  13. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    broni,
    #12
  14. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    The machine isn't doing to badly, the white smoke pop has gone. Here are the new logs;

    OTL Extras logfile created on: 2/5/2011 3:17:03 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\judithwright\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 215.37 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.81 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

    Computer Name: JUDITHWRIGHT-PC | User Name: judithwright | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{09234F0D-5971-4701-94EE-89CB6926E273}" = Serif PhotoPlus SE
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}" = Whitesmoke Translator
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{35599970-EAA2-012B-ACE9-000000000000}" = TurboTax 2009 waliper
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3C9AE630-EAA2-012B-AEB0-000000000000}" = TurboTax 2009 wsciper
    "{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Free Antivirus
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "Shop for HP Supplies" = Shop for HP Supplies
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TurboTax 2009" = TurboTax 2009
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZip" = WinZip
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
    BillB,
    #13
  15. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    OTL logfile created on: 2/5/2011 3:17:03 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\judithwright\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 215.37 Gb Free Space | 75.00% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.81 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

    Computer Name: JUDITHWRIGHT-PC | User Name: judithwright | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/05 15:15:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\OTL.exe
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/20 11:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2007/06/07 01:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/05 15:15:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/04/19 14:11:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2007/06/07 01:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/07/23 20:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/07/13 17:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/09/19 19:43:50 | 000,061,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 3A FB 56 8E 84 CA 01 [binary data]
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=13842&l=dis "
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/15 12:12:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 16:31:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/17 16:31:02 | 000,000,000 | ---D | M]
     
    BillB,
    #14
  16. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    [2010/08/16 14:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judithwright\AppData\Roaming\Mozilla\Extensions
    [2009/12/19 15:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judithwright\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/02/05 12:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\extensions
    [2010/08/16 14:20:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/12 08:58:16 | 000,000,000 | ---D | M] (WOT) -- C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/02/04 13:09:29 | 000,002,569 | ---- | M] () -- C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.default\searchplugins\askcom.xml
    [2010/08/16 14:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/15 12:12:13 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2011/02/04 13:12:47 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2011/02/05 11:20:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: judiwrightartgallery.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: vistaprint.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/05 15:15:04 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\judithwright\Desktop\OTL.exe
    [2011/02/05 12:41:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/05 12:39:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/05 12:30:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/05 11:11:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/05 11:11:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/05 11:11:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/05 11:11:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/05 11:09:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/04 16:28:13 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\judithwright\Desktop\TDSSKiller.exe
    [2011/02/04 13:28:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/02/04 13:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/04 13:28:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/02/04 13:12:14 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\judithwright\Desktop\TFC.exe
    [2011/01/15 19:48:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/01/12 09:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2011/01/10 15:35:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/01/10 15:09:31 | 000,000,000 | ---D | C] -- C:\Users\judithwright\AppData\Local\Windows Live
    [2011/01/10 12:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/10 12:34:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/10 12:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/01/10 11:44:09 | 000,000,000 | ---D | C] -- C:\Users\judithwright\AppData\Roaming\SUPERAntiSpyware.com
    [2011/01/10 11:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/10 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/10 11:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/01/10 11:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2011/01/10 11:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2011/01/07 18:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2007/01/30 14:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
    [2007/01/30 14:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
    [2007/01/30 14:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
    [2007/01/30 14:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
    [2007/01/30 14:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
    [2007/01/30 14:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
    [2007/01/30 14:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
    [2007/01/30 14:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
    [2007/01/30 14:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
    [2007/01/30 14:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
    [2007/01/30 14:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
    [2 C:\Users\judithwright\Documents\*.tmp files -> C:\Users\judithwright\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/05 15:15:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\OTL.exe
    [2011/02/05 15:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/05 11:55:00 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/05 11:55:00 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/05 11:20:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/02/05 11:05:03 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 16:50:44 | 000,720,369 | ---- | M] () -- C:\Users\judithwright\Desktop\rkill.exe
    [2011/02/04 16:49:05 | 004,263,406 | R--- | M] () -- C:\Users\judithwright\Desktop\ComboFix.exe
    [2011/02/04 13:28:44 | 000,619,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/04 13:28:44 | 000,105,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/04 13:28:37 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 13:24:09 | 000,624,128 | ---- | M] () -- C:\Users\judithwright\Desktop\dds.scr
    [2011/02/04 13:23:29 | 000,080,384 | ---- | M] () -- C:\Users\judithwright\Desktop\MBRCheck.exe
    [2011/02/04 13:21:01 | 000,296,448 | ---- | M] () -- C:\Users\judithwright\Desktop\2b0nx59p.exe
    [2011/02/04 13:12:29 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\TFC.exe
    [2011/02/02 21:58:00 | 000,078,336 | ---- | M] () -- C:\Users\judithwright\Documents\Name Badge Template.doc
    [2011/02/01 10:36:10 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\judithwright\Desktop\TDSSKiller.exe
    [2011/01/31 20:45:54 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/01/30 17:08:59 | 000,000,112 | ---- | M] () -- C:\ProgramData\SwUNRAt.dat
    [2011/01/27 21:00:41 | 000,011,752 | ---- | M] () -- C:\Users\judithwright\Documents\CONDO EXPENSES VS. INCOME AS OF DEC. 2010.xlsx
    [2011/01/24 20:45:17 | 000,011,291 | ---- | M] () -- C:\Users\judithwright\Documents\Did you see where some baseball.docx
    [2011/01/24 11:26:59 | 274,160,160 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/20 13:07:48 | 000,875,838 | ---- | M] () -- C:\Users\judithwright\Documents\Doc1.docx
    [2011/01/19 19:32:32 | 000,014,908 | ---- | M] () -- C:\Users\judithwright\Documents\In the Spotlight with John and Diana Peschio.docx
    [2011/01/18 19:23:13 | 000,011,921 | ---- | M] () -- C:\Users\judithwright\Documents\Peanuts Quiz.docx
    [2011/01/17 13:33:42 | 000,141,824 | RHS- | M] () -- C:\Windows\System32\C_10006S.dll
    [2011/01/16 19:14:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/12 20:56:48 | 000,036,864 | ---- | M] () -- C:\Users\judithwright\Documents\Name Tags for Paintings 2.doc
    [2011/01/12 09:03:57 | 000,000,165 | ---- | M] () -- C:\Windows\setup.iss
    [2011/01/10 12:35:51 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/10 11:44:04 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/10 11:42:29 | 000,000,977 | ---- | M] () -- C:\Users\judithwright\Desktop\SpywareBlaster.lnk
    [2011/01/07 18:53:37 | 000,001,112 | ---- | M] () -- C:\Windows\System32\Improve Your PC.lnk
    [2011/01/07 09:49:44 | 000,373,691 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110108-133356.backup
    [2011/01/06 20:41:39 | 000,098,816 | ---- | M] () -- C:\Users\judithwright\Documents\Martha vs Maxine.doc
    [2 C:\Users\judithwright\Documents\*.tmp files -> C:\Users\judithwright\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/05 11:11:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/05 11:11:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/05 11:11:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/05 11:11:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/05 11:11:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/04 16:50:33 | 000,720,369 | ---- | C] () -- C:\Users\judithwright\Desktop\rkill.exe
    [2011/02/04 16:48:51 | 004,263,406 | R--- | C] () -- C:\Users\judithwright\Desktop\ComboFix.exe
    [2011/02/04 13:28:37 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 13:24:01 | 000,624,128 | ---- | C] () -- C:\Users\judithwright\Desktop\dds.scr
    [2011/02/04 13:23:24 | 000,080,384 | ---- | C] () -- C:\Users\judithwright\Desktop\MBRCheck.exe
    [2011/02/04 13:21:01 | 000,296,448 | ---- | C] () -- C:\Users\judithwright\Desktop\2b0nx59p.exe
    [2011/01/30 17:08:59 | 000,000,112 | ---- | C] () -- C:\ProgramData\SwUNRAt.dat
    [2011/01/27 21:00:41 | 000,011,752 | ---- | C] () -- C:\Users\judithwright\Documents\CONDO EXPENSES VS. INCOME AS OF DEC. 2010.xlsx
    [2011/01/24 20:45:17 | 000,011,291 | ---- | C] () -- C:\Users\judithwright\Documents\Did you see where some baseball.docx
    [2011/01/20 13:07:47 | 000,875,838 | ---- | C] () -- C:\Users\judithwright\Documents\Doc1.docx
    [2011/01/18 22:12:26 | 000,014,908 | ---- | C] () -- C:\Users\judithwright\Documents\In the Spotlight with John and Diana Peschio.docx
    [2011/01/18 19:23:11 | 000,011,921 | ---- | C] () -- C:\Users\judithwright\Documents\Peanuts Quiz.docx
    [2011/01/17 13:33:42 | 000,141,824 | RHS- | C] () -- C:\Windows\System32\C_10006S.dll
    [2011/01/16 19:07:12 | 274,160,160 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/12 09:02:04 | 000,000,165 | ---- | C] () -- C:\Windows\setup.iss
    [2011/01/10 12:35:51 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/10 11:44:04 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/10 11:42:29 | 000,000,977 | ---- | C] () -- C:\Users\judithwright\Desktop\SpywareBlaster.lnk
    [2011/01/07 18:53:37 | 000,001,112 | ---- | C] () -- C:\Windows\System32\Improve Your PC.lnk
    [2011/01/06 20:41:38 | 000,098,816 | ---- | C] () -- C:\Users\judithwright\Documents\Martha vs Maxine.doc
    [2010/02/15 12:01:34 | 000,002,601 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/02/02 15:24:43 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2009/12/16 21:23:12 | 000,028,504 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/12/16 19:17:59 | 000,028,504 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/12/16 12:25:43 | 000,000,000 | ---- | C] () -- C:\Users\judithwright\AppData\Local\QSwitch.txt
    [2009/12/16 12:25:43 | 000,000,000 | ---- | C] () -- C:\Users\judithwright\AppData\Local\DSwitch.txt
    [2009/12/16 12:25:43 | 000,000,000 | ---- | C] () -- C:\Users\judithwright\AppData\Local\AtStart.txt
    [2009/12/16 12:25:40 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2007/02/19 07:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
    [2007/02/19 07:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
    [2007/02/19 07:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
    [2007/02/19 07:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
    [2007/02/19 07:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
    [2007/02/19 07:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
    [2007/02/19 07:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
    [2007/02/19 07:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
    [2007/02/07 17:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
    [2007/01/22 07:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
    [2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
    [2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

    ========== LOP Check ==========

    [2010/08/22 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\PlayFirst
    [2010/09/11 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\Serif
    [2009/12/19 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\Thunderbird
    [2010/07/22 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\W Photo Studio Viewer
    [2010/01/23 10:04:42 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\WeatherBug
    [2009/12/15 23:23:11 | 000,000,000 | ---D | M] -- C:\Users\judithwright\AppData\Roaming\WildTangent
    [2011/02/04 13:08:32 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/12/16 01:47:30 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/02/05 12:41:03 | 000,008,394 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/02/11 19:32:36 | 000,000,816 | ---- | M] () -- C:\dlbt.log
    [2011/02/05 11:05:03 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/23 08:45:42 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2011/02/05 11:05:13 | 2951,139,328 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/05 11:26:00 | 000,000,428 | ---- | M] () -- C:\rkill.log
    [2011/02/04 16:30:19 | 000,066,366 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_04.02.2011_16.29.01_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/01/30 09:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\dlbtPP5C.DLL
    [2008/10/06 15:37:30 | 000,315,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp083.dll
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >
     
    BillB,
    #15
  17. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/07/25 15:03:43 | 000,000,286 | -HS- | M] () -- C:\Users\judithwright\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2009/12/16 12:25:23 | 000,000,221 | -HS- | M] () -- C:\Users\judithwright\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/04 13:21:01 | 000,296,448 | ---- | M] () -- C:\Users\judithwright\Desktop\2b0nx59p.exe
    [2011/02/04 16:49:05 | 004,263,406 | R--- | M] () -- C:\Users\judithwright\Desktop\ComboFix.exe
    [2011/02/04 13:23:29 | 000,080,384 | ---- | M] () -- C:\Users\judithwright\Desktop\MBRCheck.exe
    [2011/02/05 15:15:06 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\OTL.exe
    [2011/02/04 16:50:44 | 000,720,369 | ---- | M] () -- C:\Users\judithwright\Desktop\rkill.exe
    [2011/02/01 10:36:10 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\judithwright\Desktop\TDSSKiller.exe
    [2011/02/04 13:12:29 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\judithwright\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/04/08 18:21:44 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 17:43:43 | 000,000,402 | -HS- | M] () -- C:\Users\judithwright\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/31 20:45:54 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/07/29 18:14:12 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2010/05/17 12:20:17 | 000,002,601 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/04/05 18:23:27 | 000,028,504 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 989 bytes -> C:\Users\judithwright\Documents\Woolworth 1957 sandwich menu____.eml:OECustomProperty
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    @Alternate Data Stream - 893 bytes -> C:\Users\judithwright\Documents\AmExpress Personal Security Key.eml:OECustomProperty
    @Alternate Data Stream - 1007 bytes -> C:\Users\judithwright\Documents\Your Etsy Username.eml:OECustomProperty

    < End of report >
     
    BillB,
    #16
  18. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
FF - prefs.js..browser.search.defaultengine:  "Ask.com "
FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
FF - prefs.js..browser.search.order.1:  "Ask.com "
FF - prefs.js..browser.search.selectedEngine:  "Ask.com "
FF - prefs.js..browser.startup.homepage:  "http://www.ask.com?o=13842&l=dis "
[2011/02/04 13:12:47 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml
[2011/02/04 13:09:29 | 000,002,569 | ---- | M] () -- C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.def ault\searchplugins\askcom.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: judiwrightartgallery.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Domains: vistaprint.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2525398949-4156741840-1587911372-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2 C:\Users\judithwright\Documents\*.tmp files -> C:\Users\judithwright\Documents\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
    broni,
    #17
  19. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Java has been updated and old versions removed. Eset scan was clean. Here are the logs you requested;

    All processes killed
    ========== OTL ==========
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: "http://www.ask.com?o=13842&l=dis" removed from browser.startup.homepage
    C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    File C:\Users\judithwright\AppData\Roaming\Mozilla\Firefox\Profiles\iip4jjx9.def ault\searchplugins\askcom.xml not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\judiwrightartgallery.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vistaprint.com\www\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2525398949-4156741840-1587911372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\system32\config\systemprofile\AppData\Roaming\palladium.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\judithwright\Documents\~WRL0001.tmp deleted successfully.
    C:\Users\judithwright\Documents\~WRL1669.tmp deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: judithwright
    ->Temp folder emptied: 41805 bytes
    ->Temporary Internet Files folder emptied: 277740 bytes
    ->Java cache emptied: 177760 bytes
    ->FireFox cache emptied: 55871854 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4230 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 54.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: judithwright
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_155351

    Files\Folders moved on Reboot...
    C:\Users\judithwright\AppData\Local\Temp\ehmsas.txt moved successfully.

    Registry entries deleted on Reboot...


    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Free Antivirus
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ``````````End of Log````````````
     
    BillB,
    #18
  20. 2011/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ===============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
    broni,
    #19
  21. 2011/02/05
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here's the OTL log. One thing I noticed after doing the cleanup, the shortcut for Malwarebytes on the desktop doesn't work anymore. Is it possible that something removed the program?

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: judithwright
    ->Temp folder emptied: 363045 bytes
    ->Temporary Internet Files folder emptied: 1538001 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 31233710 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7273 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 32.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: judithwright
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_190622

    Files\Folders moved on Reboot...
    C:\Users\judithwright\AppData\Local\Temp\ehmsas.txt moved successfully.

    Registry entries deleted on Reboot...
     
    BillB,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...