
[Solved] Problems with IE after malware removal

Discussion in 'Malware and Virus Removal Archive' started by BillB, 2011/05/02.

  1. 2011/05/02, BillB (Thread Starter)
    [Resolved] Problems with IE after malware removal

    I'm trying to help a friend with their PC. They were complaining of not being able to get on the internet, no pop-ups or anything else obvious. I ran Malwarebytes, Superantispyware and Avast scans, all cleaned up a few things and the PC can now connect to the internet. I tried updating to IE7 from IE6, but every time I try to open it, it just flashes and goes away. I have tried all the suggestions from MS to fix the problem, uninstall and reinstall, re-registering IEPROXY and resetting IE to defaults. I did a search and found several posts in other forums about the same problem and it was fixed by removing spyware/viruses. I'm posting here to see if there is more on the PC than the initial scans found. Here are the logs requested.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6473

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    4/29/2011 3:10:16 PM
    mbam-log-2011-04-29 (15-10-16).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 274080
    Time elapsed: 1 hour(s), 11 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 137):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xF7ABC000 \WINDOWS\system32\KDCOM.DLL
    0xF79CC000 \WINDOWS\system32\BOOTVID.dll
    0xF748D000 ACPI.sys
    0xF7ABE000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF747C000 pci.sys
    0xF75BC000 isapnp.sys
    0xF75CC000 ohci1394.sys
    0xF75DC000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7B84000 pciide.sys
    0xF783C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7AC0000 viaide.sys
    0xF7AC2000 intelide.sys
    0xF75EC000 MountMgr.sys
    0xF745D000 ftdisk.sys
    0xF7AC4000 dmload.sys
    0xF7437000 dmio.sys
    0xF7844000 PartMgr.sys
    0xF75FC000 VolSnap.sys
    0xF7377000 iastor.sys
    0xF735F000 atapi.sys
    0xF731C000 ftsata2.sys
    0xF7304000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF760C000 disk.sys
    0xF761C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72E5000 fltMgr.sys
    0xF72D3000 sr.sys
    0xF762C000 bb-run.sys
    0xF763C000 PxHelp20.sys
    0xF72BC000 KSecDD.sys
    0xF722F000 Ntfs.sys
    0xF7202000 NDIS.sys
    0xF71E7000 Mup.sys
    0xF766C000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF680F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF799C000 \SystemRoot\system32\DRIVERS\ELacpi.sys
    0xF647C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF6468000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6443000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF79A4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6420000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF79AC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF63DB000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0xF63B8000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF62C1000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
    0xF620B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xF79B4000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF61E3000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF61CF000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF67FF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF79BC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B24000 \??\C:\WINDOWS\System32\Drivers\Elmou.sys
    0xF79C4000 \SystemRoot\system32\DRIVERS\PS2.sys
    0xF7854000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7B26000 \??\C:\WINDOWS\System32\Drivers\Elkbd.sys
    0xF67EF000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF67DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF67CF000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7BF1000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF67BF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AB4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF61B8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF67AF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF782C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF786C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF61A7000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF767C000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7874000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF787C000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6176000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF768C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B28000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6142000 \SystemRoot\system32\DRIVERS\update.sys
    0xF65B9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF76AC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7B76000 \??\C:\WINDOWS\System32\Drivers\Elmon.sys
    0xA7706000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0x9A000000 \SystemRoot\system32\drivers\portcls.sys
    0x9ADF3000 \SystemRoot\system32\drivers\drmk.sys
    0x9ADC3000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B38000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7AD0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA117D000 \SystemRoot\System32\Drivers\Null.SYS
    0xA26B2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9A30D000 \SystemRoot\System32\drivers\vga.sys
    0x9C7B7000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0x9C7B5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9A305000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9A2FD000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA245C000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x99FCD000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x99F75000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0x9ADA3000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x99F54000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x99F2C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x9AD93000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA120E000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x99F0A000 \SystemRoot\System32\drivers\afd.sys
    0x9AD83000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9AD73000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0x99EE8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xA1206000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x99EBD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x99E4E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9AD63000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA1248000 \??\C:\WINDOWS\System32\Drivers\Elhid.sys
    0xA11F6000 \??\C:\WINDOWS\System32\Drivers\HIDPARSE.SYS
    0x99E06000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x99DA8000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0xA11E6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x9C2BA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x99D85000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x99CC5000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA08D7000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA0AA5000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x9A27B000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xAA40C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA081D000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA1C6E000 \SystemRoot\system32\DRIVERS\EAPPkt.sys
    0xA0BA5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x99C5E000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x99AC9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x99A38000 \SystemRoot\System32\Drivers\HTTP.sys
    0x999B9000 \SystemRoot\system32\DRIVERS\srv.sys
    0x99AA1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9992C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xAA6AA000 \SystemRoot\system32\drivers\sysaudio.sys
    0x995CF000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x989FF000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 46):
    0 System Idle Process
    4 System
    716 C:\WINDOWS\system32\smss.exe
    780 csrss.exe
    804 C:\WINDOWS\system32\winlogon.exe
    848 C:\WINDOWS\system32\services.exe
    860 C:\WINDOWS\system32\lsass.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1104 svchost.exe
    1200 C:\WINDOWS\system32\svchost.exe
    1328 svchost.exe
    1372 svchost.exe
    1496 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1956 C:\WINDOWS\system32\spoolsv.exe
    196 svchost.exe
    228 C:\WINDOWS\explorer.exe
    284 C:\WINDOWS\ehome\ehrecvr.exe
    144 C:\WINDOWS\ehome\ehSched.exe
    464 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    512 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    584 svchost.exe
    1140 C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    1268 mcrdsvc.exe
    2024 wmiprvse.exe
    2140 C:\WINDOWS\ehome\ehtray.exe
    2160 C:\WINDOWS\RTHDCPL.EXE
    2176 C:\WINDOWS\system32\hkcmd.exe
    2184 C:\WINDOWS\system32\igfxpers.exe
    2192 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2212 C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    2336 C:\WINDOWS\system32\dllhost.exe
    2540 C:\WINDOWS\ehome\ehmsas.exe
    2672 alg.exe
    2852 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2860 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    2996 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    3004 C:\WINDOWS\system32\svchost.exe
    3012 C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    3868 C:\hp\KBD\kbd.exe
    2232 C:\WINDOWS\system\hpsysdrv.exe
    1616 C:\Program Files\DISC\DISCover.exe
    3288 C:\Program Files\DISC\DISCUpdMgr.exe
    3300 C:\Program Files\DISC\DiscStreamHub.exe
    2656 C:\WINDOWS\system32\wuauclt.exe
    3068 C:\WINDOWS\system32\wscntfy.exe
    2072 C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`0e8b2e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2500JS-60NCB1, Rev: 10.02E02

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by HP_Administrator at 8:09:07.57 on Mon 05/02/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.647 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe "
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [<NO NAME>]
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe "
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\hp_adm~1.com\applic~1\mozilla\firefox\profiles\529cihsk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - prefs.js: network.proxy.type - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-3 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-4-3 301528]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-4-3 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-3 42184]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    .
    =============== Created Last 30 ================
    .
    2011-04-21 21:03:32 -------- d-----w- c:\docume~1\hp_adm~1.com\applic~1\SUPERAntiSpyware.com
    2011-04-21 21:02:52 -------- d-----w- c:\windows\system32\appmgmt
    2011-04-20 23:28:55 -------- d-sh--w- c:\documents and settings\hp_administrator.computer\UserData
    2011-04-20 23:28:48 -------- d-----w- c:\docume~1\hp_adm~1.com\applic~1\HPQ
    2011-04-20 23:24:05 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-04-20 23:18:48 -------- d-sh--r- C:\cmdcons
    2011-04-20 23:06:28 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-04-20 21:33:21 -------- d-sh--r- c:\windows\system32\dllcache
    2011-04-04 20:24:14 -------- d-----w- C:\tmp
    2011-04-04 18:34:02 63488 ------w- c:\windows\system32\dllcache\icardie.dll
    2011-04-04 18:34:02 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-04 18:34:02 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2011-04-04 18:34:02 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
    2011-04-04 18:34:02 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2011-04-04 18:34:01 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
    2011-04-04 18:34:01 2452872 ------w- c:\windows\system32\dllcache\ieapfltr.dat
    2011-04-04 18:34:00 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
    2011-04-04 15:01:46 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-04-04 14:59:45 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-04-04 14:59:45 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2011-04-04 14:59:09 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-04-04 14:58:17 2137088 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-04-04 14:58:16 2181376 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-04-04 14:58:16 2016768 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-04-04 14:58:15 2058368 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2011-04-04 14:48:30 -------- d-----w- c:\windows\system32\PreInstall
    2011-04-04 13:33:02 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-04-03 15:32:38 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-03 15:32:23 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-03 15:32:16 -------- d-----w- c:\program files\AVAST Software
    2011-04-03 15:32:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-04-03 15:04:37 -------- d-----w- c:\docume~1\hp_adm~1.com\applic~1\Malwarebytes
    2011-04-03 15:04:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-03 15:04:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-03 15:04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-02-04 21:48:32 456192 ------w- c:\windows\system32\encdec.dll
    2011-02-04 21:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
    .
    ============= FINISH: 8:10:30.21 ===============
     
  2. 2011/05/02, BillB (Thread Starter)
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/20/2011 7:11:33 PM
    System Uptime: 5/2/2011 7:52:05 AM (1 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | LEUCITE3
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Socket 775 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 187.902 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.395 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 4/20/2011 7:20:21 PM - Norton Antivirus post configuration restore point
    RP2: 4/20/2011 7:23:10 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
    RP3: 4/20/2011 7:39:23 PM - Configured Customer Experience Enhancement
    RP4: 3/21/2011 3:38:17 PM - System Checkpoint
    RP5: 4/3/2011 11:32:16 AM - avast! Free Antivirus Setup
    RP6: 4/4/2011 10:47:28 AM - Software Distribution Service 3.0
    RP7: 4/4/2011 12:52:58 PM - B4Updts
    RP8: 4/4/2011 12:53:24 PM - Software Distribution Service 3.0
    RP9: 4/4/2011 2:05:28 PM - B4Updts2
    RP10: 4/4/2011 2:06:26 PM - Software Distribution Service 3.0
    RP11: 4/4/2011 2:32:57 PM - B4IE7
    RP12: 4/4/2011 2:41:15 PM - Installed Windows XP KB915865.
    RP13: 4/4/2011 2:41:45 PM - Installed Windows NLSDownlevelMapping.
    RP14: 4/4/2011 2:42:12 PM - Installed Windows IDNMitigationAPIs.
    RP15: 4/4/2011 2:43:20 PM - Installed Windows Internet Explorer 7.
    RP16: 4/4/2011 2:44:03 PM - Software Distribution Service 3.0
    RP17: 4/4/2011 3:19:34 PM - B4Updts3
    RP18: 4/4/2011 3:19:53 PM - Software Distribution Service 3.0
    RP19: 4/5/2011 8:31:23 AM - Software Distribution Service 3.0
    RP20: 4/5/2011 10:27:54 AM - B4Updts4
    RP21: 4/5/2011 10:28:02 AM - Software Distribution Service 3.0
    RP22: 4/5/2011 10:40:24 AM - Software Distribution Service 3.0
    RP23: 4/5/2011 10:54:09 AM - Installed Windows XP KB915865.
    RP24: 4/5/2011 10:54:42 AM - Installed Windows NLSDownlevelMapping.
    RP25: 4/5/2011 10:55:06 AM - Installed Windows IDNMitigationAPIs.
    RP26: 4/5/2011 10:56:09 AM - Installed Windows Internet Explorer 7.
    RP27: 4/5/2011 10:56:54 AM - Software Distribution Service 3.0
    RP28: 4/6/2011 8:03:04 AM - Software Distribution Service 3.0
    RP29: 4/6/2011 12:44:46 PM - Software Distribution Service 3.0
    RP30: 4/6/2011 1:31:59 PM - Software Distribution Service 3.0
    RP31: 4/6/2011 1:36:06 PM - Software Distribution Service 3.0
    RP32: 4/7/2011 8:07:57 AM - Software Distribution Service 3.0
    RP33: 4/29/2011 1:02:49 PM - System Checkpoint
    RP34: 5/2/2011 7:53:52 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 7.0.5
    AutoUpdate
    avast! Free Antivirus
    BufferChm
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    DISCover
    DivX
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    FullDPAppQFolder
    GemMaster Mystic
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP DigitalMedia Archive
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Software Update
    HP Web Helper
    HPPhotoSmartExpress
    HpSdpAppCoreApp
    InstantShareDevices
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™ Software
    J2SE Runtime Environment 5.0 Update 6
    LightScribe 1.4.113.1
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    My HP Games
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Netscape Browser (remove only)
    OptionalContentQFolder
    Otto
    PC-Doctor 5 for Windows
    PhotoGallery
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    RandMap
    RealPlayer
    Realtek High Definition Audio Driver
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SkinsHP1
    SlideShow
    SlideShowMusic
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SUPERAntiSpyware
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    WebFldrs XP
    WildTangent Web Driver
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/29/2011 12:31:24 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    4/29/2011 12:27:21 PM, error: ipnathlp [30013] - The DHCP allocator has disabled itself on IP address 192.168.1.6, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.
    4/29/2011 1:32:20 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    4/29/2011 1:32:20 PM, error: Service Control Manager [7034] - The Intel(R) Quick Resume technology service terminated unexpectedly. It has done this 1 time(s).
    4/29/2011 1:32:20 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     


  4. 2011/05/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-29 17:20:30
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.10.0
    Running: 1cis8g68.exe; Driver: C:\DOCUME~1\HP_ADM~1.COM\LOCALS~1\Temp\kgdiqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9EA0D9CA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9EA62A68]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x9EA2DAF5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9EA0FEAC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9EA0FF04]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9EA1001A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9EA2D4A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9EA0FE02]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9EA0FF54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9EA0FE56]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9EA0FFC8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9EA0D9EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9EA2E1BB]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9EA2E471]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9EA1029E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9EA2E026]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9EA2DE91]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9EA62B18]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9EA0D7B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9EA0DA12]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9EA10412]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9EA0E4AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9EA0FEDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9EA0FF2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9EA10044]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9EA2D805]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9EA0FE2E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9EA100D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9EA0FF94]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9EA0FE84]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9EA101BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9EA0FFF2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9EA62BB0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9EA2DD0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9EA0E370]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9EA2DB5E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9EA6AE26]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9EA2CB1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9EA0DA36]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9EA0DA5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9EA0D812]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9EA0D94E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9EA2E2C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9EA0D92A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9EA0D972]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9EB45620]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9EA0DA7E]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9EA778DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A4F7E 4 Bytes CALL 9EA0EE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 1 Byte [E9]
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BAF9A 5 Bytes JMP 9EA7329E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C18D0 5 Bytes JMP 9EA74D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFA2E 7 Bytes JMP 9EA778E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\DISC\DISCover.exe[244] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
    .text C:\Program Files\DISC\DISCover.exe[244] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
    .text C:\Program Files\DISC\DISCover.exe[244] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003E0030
    .text C:\Program Files\DISC\DISCover.exe[244] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003E006C
    .text C:\Program Files\DISC\DISCover.exe[244] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003E00E4
    .text C:\Program Files\DISC\DISCover.exe[244] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003E0120
    .text C:\Program Files\DISC\DISCover.exe[244] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003E00A8
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F01D4
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F00E4
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0120
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F015C
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0198
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F0030
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F006C
    .text C:\Program Files\DISC\DISCover.exe[244] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F00A8
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003F01D4
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003F00E4
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003F0120
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003F015C
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003F0198
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003F0030
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003F006C
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003F00A8
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00860030
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0086006C
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 008600E4
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00860120
    .text C:\Program Files\NETGEAR\WG111v3\WG111v3.exe[540] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 008600A8
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003801D4
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003800E4
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380120
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 0038015C
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380198
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 00380030
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 0038006C
    .text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[588] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003800A8
    .text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00070030
    .text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0007006C
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\winlogon.exe[804] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\services.exe[848] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\services.exe[848] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\services.exe[848] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExW
     
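Reading the user-code-section block above: each `.text` line means the first 5 bytes of that API in that process have been overwritten with a JMP to an address GMER does not attribute to any module (the kernel SSDT entries earlier in the same log, by contrast, are attributed by GMER to the avast and SUPERAntiSpyware drivers). The check worth doing before treating any of these processes as compromised is whether all of the hooks fit one uniform pattern: the same API patched at the same code address in every process, jumping to the same offset within its trampoline page. The script below does that check over the log format shown. It is an added example for this thread, not GMER output or a GMER feature, and the uniform-pattern rule is a heuristic of mine, not something the thread states. Its sample input is a handful of lines copied from the log above plus one synthetic `WS2_32.dll!send` line that is not in the thread and exists only to show what an outlier looks like.

```python
"""Triage the '---- User code sections ----' block of a GMER 1.0.15 log.

Parses each '.text <image>[<pid>] <module>!<func> <addr> <n> Bytes <patch>'
line and checks whether the hooks fit one consistent, system-wide pattern.
"""
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the GMER log in this thread, plus ONE synthetic
# WS2_32.dll!send line (not from the thread) added to exercise the outlier check.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[804] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[804] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1608] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[1792] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[1792] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B0030
.text C:\WINDOWS\Explorer.EXE[1792] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002F10
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.*\S)\s*$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})$")


def parse_hooks(text):
    """Return one dict per parsed hook line; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        jmp = JMP_RE.match(m["patch"])
        hooks.append({
            "image": m["image"],
            "pid": int(m["pid"]),
            "api": f"{m['module'].lower()}!{m['func']}",
            "addr": int(m["addr"], 16),          # patched code address inside the DLL
            "size": int(m["size"]),
            "kind": "jmp" if jmp else "inline-bytes",
            "target": int(jmp["target"], 16) if jmp else None,  # JMP destination
        })
    return hooks


def triage(hooks):
    """Heuristic (mine, not GMER's): one system-wide hooking DLL patches each API
    at the same code address in every process and jumps to the same offset within
    its trampoline page (low 12 bits of the target).  Returns (pattern, review):
    pattern maps api -> majority addr/slot/pids; review lists hooks that break the
    pattern, occur in a single process only, or are not JMP detours at all."""
    by_api = defaultdict(list)
    for h in hooks:
        if h["kind"] == "jmp":
            by_api[h["api"]].append(h)
    pattern, review = {}, []
    for api, hs in by_api.items():
        slot = Counter(h["target"] & 0xFFF for h in hs).most_common(1)[0][0]
        addr = Counter(h["addr"] for h in hs).most_common(1)[0][0]
        pattern[api] = {"addr": addr, "slot": slot,
                        "pids": sorted({h["pid"] for h in hs})}
        for h in hs:
            if len(hs) == 1 or h["addr"] != addr or (h["target"] & 0xFFF) != slot:
                review.append(h)
    review.extend(h for h in hooks if h["kind"] != "jmp")
    return pattern, review


def report(hooks):
    """Summary lines, returned rather than printed so they can be checked."""
    pattern, review = triage(hooks)
    out = []
    for api, p in sorted(pattern.items()):
        out.append(f"{api:45} code@{p['addr']:08X} trampoline+0x{p['slot']:03X} "
                   f"in {len(p['pids'])} process(es)")
    for h in review:
        what = (f"JMP {h['target']:08X}" if h["target"] is not None
                else f"{h['size']}-byte inline patch (not a JMP detour)")
        out.append(f"REVIEW {h['image']}[{h['pid']}] {h['api']}: {what}")
    return out


if __name__ == "__main__":
    print("\n".join(report(parse_hooks(SAMPLE_LOG))))
```

To run it over a whole GMER log, replace SAMPLE_LOG with the file contents; lines outside the user-code section simply fail the regex and are ignored. A REVIEW line is a prompt to look at that process (which module owns the target address, for instance in a debugger or Process Explorer), not a verdict: in the sample the synthetic `send` hook is flagged because no other process has it, and the AvastSvc.exe entry is flagged because it is a 4-byte `RET 4` patch rather than a detour, which is a different kind of modification that the pattern rule cannot judge.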
  5. 2011/05/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text c:\windows\system\hpsysdrv.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
    .text c:\windows\system\hpsysdrv.exe[1144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
    .text c:\windows\system\hpsysdrv.exe[1144] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
    .text c:\windows\system\hpsysdrv.exe[1144] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
    .text c:\windows\system\hpsysdrv.exe[1144] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
    .text c:\windows\system\hpsysdrv.exe[1144] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
    .text c:\windows\system\hpsysdrv.exe[1144] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
    .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\System32\svchost.exe[1196] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\System32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\System32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\System32\svchost.exe[1264] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\HP\KBD\KBD.EXE[1312] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00140030
    .text C:\HP\KBD\KBD.EXE[1312] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0014006C
    .text C:\HP\KBD\KBD.EXE[1312] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 00370030
    .text C:\HP\KBD\KBD.EXE[1312] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 0037006C
    .text C:\HP\KBD\KBD.EXE[1312] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003700E4
    .text C:\HP\KBD\KBD.EXE[1312] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00370120
    .text C:\HP\KBD\KBD.EXE[1312] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003700A8
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003801D4
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003800E4
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380120
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 0038015C
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380198
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 00380030
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 0038006C
    .text C:\HP\KBD\KBD.EXE[1312] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003800A8
    .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
  6. 2011/05/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3356] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\system32\dllhost.exe[3788] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\system32\dllhost.exe[3788] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A01D4
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0120
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A015C
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0198
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A0030
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A006C
    .text C:\WINDOWS\system32\dllhost.exe[3788] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\system32\dllhost.exe[3788] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B0030
    .text C:\WINDOWS\system32\dllhost.exe[3788] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B006C
    .text C:\WINDOWS\system32\dllhost.exe[3788] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\system32\dllhost.exe[3788] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0120
    .text C:\WINDOWS\system32\dllhost.exe[3788] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B00A8
    .text C:\WINDOWS\System32\alg.exe[4068] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00090030
    .text C:\WINDOWS\System32\alg.exe[4068] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0009006C
    .text C:\WINDOWS\System32\alg.exe[4068] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A0030
    .text C:\WINDOWS\System32\alg.exe[4068] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A006C
    .text C:\WINDOWS\System32\alg.exe[4068] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A00E4
    .text C:\WINDOWS\System32\alg.exe[4068] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0120
    .text C:\WINDOWS\System32\alg.exe[4068] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A00A8
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B01D4
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B00E4
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0120
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B015C
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0198
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B0030
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B006C
    .text C:\WINDOWS\System32\alg.exe[4068] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B00A8

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
    IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Elkbd.sys (Intel Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Elkbd.sys (Intel Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     
  7. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    There are some Norton's leftovers.
    Please, run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    =====================================================

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/05/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Successfully ran the Norton removal tool. Here are the new logs you requested:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 53b87386f68c4cb2306da5ba771dbe8b

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...



    ComboFix 11-05-01.04 - HP_Administrator 05/02/2011 12:33:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.634 [GMT -4:00]
    Running from: c:\documents and settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\HP_ADM~1.COM\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator.COMPUTER\Local Settings\Temp\IadHide5.dll
    c:\documents and settings\HP_Administrator.COMPUTER\WINDOWS
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 15:58 . 2011-05-02 15:58 -------- d-----w- c:\windows\system32\LogFiles
    2011-04-20 23:24 . 2011-04-20 23:24 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-04-20 23:12 . 2011-05-02 16:41 -------- d-----w- c:\documents and settings\HP_Administrator.COMPUTER
    2011-04-20 23:11 . 2010-03-03 23:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2011-04-20 23:06 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-04-20 21:33 . 2011-04-06 17:36 -------- d-sh--r- c:\windows\system32\dllcache
    2011-04-20 12:24 . 2011-04-20 12:24 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-04-20 12:24 . 2011-04-20 12:24 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-04-20 12:24 . 2011-04-20 12:24 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-04-04 20:24 . 2011-04-07 13:38 -------- d-----w- C:\tmp
    2011-04-04 15:01 . 2011-04-04 15:12 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-04-04 14:59 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2011-04-03 15:32 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-03 15:32 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-03 15:32 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-03 15:32 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-03 15:32 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-03 15:32 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-04-03 15:32 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-04-03 15:32 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-04-03 15:32 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-03 15:32 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-03 15:32 . 2011-04-03 15:32 -------- d-----w- c:\program files\AVAST Software
    2011-04-03 15:32 . 2011-04-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-04-03 15:04 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-03 15:04 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-03 15:04 . 2011-04-03 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-04 21:48 . 2004-08-10 04:00 456192 ------w- c:\windows\system32\encdec.dll
    2011-02-04 21:48 . 2004-08-10 04:00 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-03-18 17:53 . 2011-04-07 13:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-29 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    autobahn.lnk - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Autobahn\autobahn.exe [2009-6-2 710360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-11-19 36903]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/3/2011 11:32 AM 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/3/2011 11:32 AM 301528]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/3/2011 11:32 AM 19544]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
    S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    FF - ProfilePath - c:\documents and settings\HP_Administrator.COMPUTER\Application Data\Mozilla\Firefox\Profiles\529cihsk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-PCDrProfiler - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-02 12:49
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(804)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(472)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\RTHDCPL.EXE
    c:\hp\KBD\KBD.EXE
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-02 12:54:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-02 16:54
    .
    Pre-Run: 202,012,962,816 bytes free
    Post-Run: 201,979,105,280 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - AD700B82C1C32281E2F7C4892EA1291D
     
  9. 2011/05/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks good now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    winlogon.exe
    explorer.exe
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2011/05/02
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here are the new logs:

    OTL logfile created on: 5/2/2011 1:54:07 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 624.00 Mb Available Physical Memory | 61.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.22 Gb Total Space | 188.12 Gb Free Space | 83.90% Space Free | Partition Type: NTFS
    Drive D: | 8.64 Gb Total Space | 0.40 Gb Free Space | 4.58% Space Free | Partition Type: FAT32

    Computer Name: COMPUTER | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    PRC - [2006/11/19 04:11:25 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    PRC - [2006/06/02 03:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    PRC - [2006/04/13 13:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/04/07 04:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2006/04/07 04:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/04/07 04:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2006/02/21 19:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    MOD - [2004/08/10 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/06/02 03:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
    SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/05/10 02:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2006/05/10 02:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
    DRV - [2006/05/10 02:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
    DRV - [2006/05/10 02:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
    DRV - [2006/05/10 02:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/03 11:32:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 09:39:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/11/19 03:53:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2006/11/19 03:53:14 | 000,000,000 | ---D | M]

    [2011/04/07 09:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Mozilla\Extensions
    [2011/04/07 09:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    [2011/04/03 11:32:25 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/02 12:44:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\autobahn.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Autobahn\autobahn.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/11/19 04:07:06 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54619756233228288)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/02 13:52:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    [2011/05/02 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\Downloads
    [2011/05/02 12:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/02 12:30:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/02 12:26:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/02 12:26:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/02 12:26:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/02 12:26:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/02 12:26:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/02 12:14:42 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\Norton_Removal_Tool(2).exe
    [2011/05/02 12:14:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\remover.exe
    [2011/05/02 11:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/04/29 13:30:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\TFC.exe
    [2011/04/21 17:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\SUPERAntiSpyware.com
    [2011/04/21 17:02:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2011/04/20 19:28:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\UserData
    [2011/04/20 19:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\HPQ
    [2011/04/20 19:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\Symantec
    [2011/04/20 19:18:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Recent
    [2011/04/20 19:12:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Real
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Intuit
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Identities
    [2011/04/20 19:12:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\SendTo
    [2011/04/20 19:12:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Startup
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Videos
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Pictures
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Music
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Favorites
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Administrative Tools
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Accessories
    [2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\IETldCache
    [2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Cookies
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\PrintHood
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\NetHood
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Wildtangent
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Online Services
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\ApplicationHistory
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    [2011/04/20 19:12:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu
    [2011/04/20 19:12:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Templates
    [2011/04/20 17:33:21 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2011/04/07 09:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Mozilla
    [2011/04/07 09:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Mozilla
    [2011/04/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/04/05 10:55:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2011/04/04 16:24:14 | 000,000,000 | ---D | C] -- C:\tmp
    [2011/04/04 14:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2011/04/04 14:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Macromedia
    [2011/04/04 11:01:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2011/04/04 10:48:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011/04/04 09:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/04/03 11:32:42 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/03 11:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/04/03 11:32:41 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/03 11:32:39 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/03 11:32:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/03 11:32:38 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/03 11:32:37 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/03 11:32:37 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/03 11:32:36 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/03 11:32:23 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/03 11:32:22 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/03 11:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/03 11:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/03 11:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Malwarebytes
    [2011/04/03 11:04:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/03 11:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/03 11:04:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/03 11:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    [2011/05/02 12:55:15 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/05/02 12:44:13 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/05/02 12:44:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/02 12:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/02 12:43:51 | 1063,739,392 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/02 12:30:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/05/02 11:54:42 | 004,335,166 | R--- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    [2011/05/02 07:52:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/21 17:48:08 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2011/04/20 19:23:34 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
    [2011/04/20 19:23:34 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
    [2011/04/20 19:19:04 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011/04/20 19:18:49 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    [2011/04/20 19:16:21 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/04/20 19:16:17 | 000,001,894 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC655AA-ABA a1620n_YC_0Pavi_QMXX650_E64NAemMPA7_48_ILEUCITE3_SASUSTek Computer INC._V2.00_B3.18_T061110_WXP2_L409_M1015_J250_7Intel_8Pentium D_93_#070106_N808627DC_Z14F12F20_G80862772.MRK
    [2011/04/20 19:11:34 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/04/18 09:47:08 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\dds.scr
    [2011/04/18 09:47:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe
    [2011/04/18 09:46:54 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\1cis8g68.exe
    [2011/04/18 09:46:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\TFC.exe
    [2011/04/07 09:39:35 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/06 13:35:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/05 10:59:32 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/05 10:39:58 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 10:39:58 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/04 13:56:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/04 13:55:20 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/03 11:32:42 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/03 11:32:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/03 11:13:08 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/03 11:04:15 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/03 10:56:04 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

    ========== Files Created - No Company Name ==========

    [2011/05/02 12:26:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/02 12:26:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/02 12:26:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/02 12:26:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/02 12:26:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/02 12:14:08 | 004,335,166 | R--- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    [2011/04/29 13:31:19 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe
    [2011/04/29 13:31:16 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\dds.scr
    [2011/04/29 13:31:16 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\1cis8g68.exe
    [2011/04/29 13:31:15 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\SecurityCheck.exe
    [2011/04/20 19:18:49 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    [2011/04/20 19:16:14 | 000,001,894 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC655AA-ABA a1620n_YC_0Pavi_QMXX650_E64NAemMPA7_48_ILEUCITE3_SASUSTek Computer INC._V2.00_B3.18_T061110_WXP2_L409_M1015_J250_7Intel_8Pentium D_93_#070106_N808627DC_Z14F12F20_G80862772.MRK
    [2011/04/20 19:13:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk
    [2011/04/20 19:13:07 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
    [2011/04/20 19:13:07 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/04/20 19:13:07 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\DISCover My Games™.lnk
    [2011/04/20 19:13:07 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/20 19:13:06 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
    [2011/04/20 19:13:06 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2011/04/20 19:13:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/04/20 19:13:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\fusioncache.dat
    [2011/04/20 19:12:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Remote Assistance.lnk
    [2011/04/20 19:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Internet Explorer.lnk
    [2011/04/20 19:12:59 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Windows Media Player.lnk
    [2011/04/20 19:12:59 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Outlook Express.lnk
    [2011/04/20 19:11:17 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2011/04/20 19:00:51 | 1063,739,392 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/07 09:39:35 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/03 11:32:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/03 11:04:15 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/29 20:03:43 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/19 18:35:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hpapuligejopevo.dat
    [2010/02/19 18:35:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uqebo.bin
    [2007/08/06 18:34:58 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/14 17:42:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/02/07 20:58:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/01/23 16:31:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/01/12 02:38:15 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/01/10 09:12:47 | 000,117,024 | ---- | C] () -- C:\WINDOWS\HPHins10.dat
     
  11. 2011/05/02
    BillB (Well-Known Member, Thread Starter)
    [2007/01/10 09:12:47 | 000,002,314 | ---- | C] () -- C:\WINDOWS\hphmdl10.dat
    [2007/01/06 16:46:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/01/06 16:46:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/11/19 04:37:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/11/19 04:16:01 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/11/19 04:11:22 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
    [2006/11/19 04:10:31 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/11/19 04:10:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/11/19 04:07:21 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/11/19 03:53:59 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/11/19 03:53:18 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/11/19 03:53:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/11/19 03:48:23 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/11/19 03:47:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/11/19 03:43:25 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/11/19 03:43:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
    [2006/11/19 03:20:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/11/19 03:20:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/11/19 03:19:59 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 00:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/31 00:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/31 00:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/31 00:05:30 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/31 00:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 23:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/06 01:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/10 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/10 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/04/03 11:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/10/22 07:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2010/01/27 09:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crystal Office
    [2006/11/19 03:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2007/06/14 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/01/11 11:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/10/16 07:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2011/04/20 14:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/12/06 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/19 03:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/07/01 15:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/01/31 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/01/31 16:38:26 | 000,000,444 | ---- | M] () -- C:\aaw7boot.log
    [2006/11/19 04:07:06 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/04/20 19:19:04 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011/05/02 12:30:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/09 17:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/02 12:54:55 | 000,010,519 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/05/02 12:43:51 | 1063,739,392 | -HS- | M] () -- C:\hiberfil.sys
    [2006/11/19 04:14:51 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
    [2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/12/06 02:16:28 | 000,001,978 | -H-- | M] () -- C:\IPH.PH
    [2009/08/27 22:03:35 | 000,100,849 | ---- | M] () -- C:\logfile
    [2005/08/31 00:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/11/25 10:19:11 | 000,001,100 | ---- | M] () -- C:\net_save.dna
    [2004/08/09 17:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/09 17:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/05/02 12:43:50 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/31 11:08:42 | 000,002,991 | ---- | M] () -- C:\rapport.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 14:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2005/08/31 00:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/30 16:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/30 16:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/30 16:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2005/08/31 00:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/20 19:18:41 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/31 00:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/18 09:46:54 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\1cis8g68.exe
    [2011/05/02 11:54:42 | 004,335,166 | R--- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    [2010/04/26 12:57:49 | 753,387,136 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\en_office_professional_plus_2010_w64_x16-32213.exe
    [2011/04/18 09:47:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe
    [2010/10/20 16:11:50 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\Norton_Removal_Tool(2).exe
    [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    [2010/09/01 15:33:50 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\remover.exe
    [2011/02/05 16:08:50 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\SecurityCheck.exe
    [2011/04/18 09:46:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 00:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/20 19:16:31 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Favorites\Desktop.ini
    [2006/11/19 04:18:34 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Favorites\eBay.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/29 13:13:43 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Cookies\desktop.ini
    [2011/05/02 13:55:22 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 00:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/10 00:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 19:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 12:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: EXPLORER.EXE >
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    [2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/09 17:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
    [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/09 17:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
    [2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826c
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:dfc5a2b2
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62aed3d0

    < End of report >
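The "< MD5 for: ... >" sections in the log above list every copy of explorer.exe and winlogon.exe that OTL could find, with the MD5 of each. The check an analyst actually performs on that section is whether the live copy (C:\WINDOWS\explorer.exe, C:\WINDOWS\system32\winlogon.exe) hashes the same as the protected copy in system32\dllcache; the differing hashes in ServicePackFiles, SoftwareDistribution and the $NtUninstall...$ folders are other versions kept by Windows and are expected. The following parser and comparison is an added example written for this page, not OTL's code and not from anyone in the thread. It parses the section format as printed above, using the page's own explorer.exe and winlogon.exe hashes as sample input; the EXAMPLE.EXE section and its hashes are constructed to show what a mismatch looks like, and the list of "backup" directory markers is my own assumption about which locations hold reference copies.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample input, in the format of OTL's "< MD5 for: NAME >" sections.
# The explorer.exe / winlogon.exe lines carry the hashes posted in the thread above.
# The EXAMPLE.EXE section is invented for this example; its hashes are placeholders,
# not real file hashes.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/09 17:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/10 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

< MD5 for: EXAMPLE.EXE >
[2004/08/10 00:00:00 | 000,100,000 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.exe
[2011/05/01 03:14:15 | 000,100,352 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\example.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumed set of locations where Windows keeps reference/backup copies of system
# binaries; anything outside these is treated as a live copy.
BACKUP_MARKERS = (
    "\\dllcache\\", "\\servicepackfiles\\", "\\softwaredistribution\\",
    "\\$ntservicepackuninstall$\\", "\\$ntuninstall", "\\$hf_mig$\\", "\\erdnt\\",
)


def is_backup_copy(path: str) -> bool:
    """True when the path lies in one of the backup/cache locations above."""
    low = path.lower()
    return any(marker in low for marker in BACKUP_MARKERS)


def parse_md5_sections(text: str) -> Dict[str, List[dict]]:
    """Parse every '< MD5 for: NAME >' section into a list of entry dicts."""
    sections: Dict[str, List[dict]] = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").lower()
            sections[current]  # register the section even if it has no entries
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            rec = entry.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            sections[current].append(rec)
    return dict(sections)


def check_live_copies(sections: Dict[str, List[dict]]) -> Dict[str, dict]:
    """Compare each live copy's MD5 with the protected copy in dllcache.

    status: match        every live copy equals the dllcache copy
            mismatch     a live copy differs from dllcache (investigate)
            no_live_copy only backup copies were listed
            no_reference no dllcache copy listed, nothing to compare against
    """
    report = {}
    for name, entries in sections.items():
        reference = [e for e in entries if "\\dllcache\\" in e["path"].lower()]
        live = [e for e in entries if not is_backup_copy(e["path"])]
        if not reference:
            status = "no_reference"
        elif not live:
            status = "no_live_copy"
        elif all(e["md5"] == reference[0]["md5"] for e in live):
            status = "match"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "reference_md5": reference[0]["md5"] if reference else None,
            "live": [(e["path"], e["md5"], e["company"]) for e in live],
            "versions_seen": sorted({e["md5"] for e in entries}),
        }
    return report


if __name__ == "__main__":
    for name, result in check_live_copies(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{name}: {result['status']} (dllcache {result['reference_md5']})")
        for path, md5, company in result["live"]:
            print(f"    live {path}  {md5}  ({company or 'no company name'})")
```

Run against the thread's own sections this reports "match" for both explorer.exe and winlogon.exe, which is the same conclusion the analyst draws by eye from the log; the constructed EXAMPLE.EXE section shows the case worth acting on: a live copy with a different hash and no company name while dllcache still holds the original.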
     
  12. 2011/05/02
    BillB (Well-Known Member, Thread Starter)
    Had to add the extras file as an attachment, kept getting errors trying to post saying that I had images in it, but couldn't find any images.
     


  13. 2011/05/02
    broni (Moderator, Malware Analyst)
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-233256551-1038185515-1646970571-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      [2008/12/06 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826c
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:dfc5a2b2
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62aed3d0
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. 2011/05/02
    BillB (Well-Known Member, Thread Starter)
    Here are the new logs:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-233256551-1038185515-1646970571-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-233256551-1038185515-1646970571-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:4295826c deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:dfc5a2b2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:62aed3d0 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Temp folder emptied: 19454955 bytes
    ->Temporary Internet Files folder emptied: 182552 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46319705 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 63.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05022011_143546

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````


    From the ESET scan:

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip Win32/Bagle.gen.zip worm
    C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0000515.exe a variant of Win32/Toolbar.MyWebSearch application
    D:\I386\APPS\APP27717\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
    D:\I386\APPS\APP27717\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
     
  15. 2011/05/02
    broni Moderator Malware Analyst

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip 
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip 
      D:\I386\APPS\APP27717\src\CompaqPresario_Spring06.exe 
      D:\I386\APPS\APP27717\src\HPPavillion_Spring06.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    =====================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3 installation and updating Internet Explorer to version 8!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  16. 2011/05/03
    BillB Well-Known Member Thread Starter

    Here are the new OTL logs. The computer seems to be doing better; however, IE still refuses to run. It just flashes and goes away. IE7 is currently installed.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam.zip moved successfully.
    D:\I386\APPS\APP27717\src\CompaqPresario_Spring06.exe moved successfully.
    D:\I386\APPS\APP27717\src\HPPavillion_Spring06.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Temp folder emptied: 613766 bytes
    ->Temporary Internet Files folder emptied: 184978 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46005381 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 45.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05032011_082943

    Files\Folders moved on Reboot...
    C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...
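To read the OTL Quick Scan log that the next post carries, here is an added triage helper (example code, not part of OTL and not posted by anyone in this thread). It parses the PRC/MOD/SRV/DRV and O4 lines into records and flags the three things an analyst checks first: an empty company field "()", anything loaded from a Temp or Temporary Internet Files folder (the IadHide5.dll that the fix log above moved is the case in point), and a service whose file is "File not found". The sample lines are constructed in the OTL format, modelled on the log in this thread; the flag names and the TEMP_MARKERS heuristic are this example's own.

```python
"""Triage helper for OTL (OldTimer's List-It) Quick Scan logs.

Added example: not part of OTL and not code posted in this thread.
It parses the PRC/MOD/SRV/DRV entries and the O4 autorun entries of an OTL
log into records and flags what an analyst reads first:
  * an empty company field "()" (no company name in the file's version info),
  * anything loaded from a Temp or Temporary Internet Files folder,
  * a service whose file OTL reports as "File not found".
The flag names and the TEMP_MARKERS heuristic are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# KIND - [stamp | size | attrs | M] (Company) [start | state] -- path -- (ServiceName) description
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] |(?P<missing>File not found) )"
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- ?(?P<path>.*?)"
    r"(?: ?-- \((?P<name>[^)]*)\).*)?$"
)
# O4 - HKLM..\Run: [ValueName] path (Company)   or   O4 - Startup: link = path (Company)
O4_RE = re.compile(
    r"^O4 - (?P<loc>.*?): (?:\[(?P<name>[^\]]*)\] )?(?P<path>.*?) \((?P<company>[^)]*)\)$"
)
# Folders nothing legitimate should be running or loading from (case-insensitive match).
TEMP_MARKERS = ("\\local settings\\temp", "\\temporary internet files", "\\windows\\temp")


@dataclass
class Entry:
    kind: str                   # PRC, MOD, SRV, DRV or O4
    path: str
    company: Optional[str]      # None when OTL printed no company field at all
    name: Optional[str] = None  # service/driver name or Run value name
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry; lines this helper does not triage give None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        entry = Entry(m["kind"], m["path"], m["company"], m["name"])
        if m["missing"]:
            entry.flags.append("FILE_NOT_FOUND")
    else:
        m = O4_RE.match(line)
        if not m:
            return None
        entry = Entry("O4", m["path"], m["company"], m["name"])
    if entry.company == "":  # OTL prints "()" for a file carrying no company name
        entry.flags.append("NO_COMPANY")
    low = entry.path.lower()
    if any(marker in low for marker in TEMP_MARKERS):
        entry.flags.append("TEMP_PATH")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return the entries that raised at least one flag, in log order."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and entry.flags:
            hits.append(entry)
    return hits


# Sample lines constructed in the OTL format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
MOD - [2006/11/19 04:11:22 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\temp\IadHide5.dll
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.kind:<3} {','.join(hit.flags):<15} {hit.path or hit.name}")
```

A flag is a reading cue, not a verdict: the unsigned NETGEAR wizard and HP's Recguard.exe are flagged here only because they carry no company name, and an analyst clears them by provenance, as broni did in this thread.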
     
  17. 2011/05/03
    BillB Well-Known Member Thread Starter

    OTL logfile created on: 5/3/2011 8:34:21 AM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 626.00 Mb Available Physical Memory | 62.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.22 Gb Total Space | 187.89 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
    Drive D: | 8.64 Gb Total Space | 0.40 Gb Free Space | 4.58% Space Free | Partition Type: FAT32

    Computer Name: COMPUTER | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2008/07/01 10:34:48 | 002,326,528 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    PRC - [2006/11/19 04:11:25 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    PRC - [2006/06/02 03:25:00 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    PRC - [2006/04/13 13:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/04/07 04:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2006/04/07 04:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/04/07 04:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2006/02/21 19:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    MOD - [2006/11/19 04:11:22 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\temp\IadHide5.dll
    MOD - [2004/08/10 07:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2006/06/02 03:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
    SRV - [2006/02/21 19:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
    DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/05/10 02:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2006/05/10 02:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
    DRV - [2006/05/10 02:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
    DRV - [2006/05/10 02:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
    DRV - [2006/05/10 02:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
    DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
    DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/04/03 11:32:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 09:39:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/11/19 03:53:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2006/11/19 03:53:14 | 000,000,000 | ---D | M]

    [2011/04/07 09:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Mozilla\Extensions
    [2011/05/02 14:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/02 14:30:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/05/02 14:32:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/04/03 11:32:25 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/05/02 14:29:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/02 12:44:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/11/19 04:07:06 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/02 14:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/05/02 14:35:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/02 14:35:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/05/02 14:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Sun
    [2011/05/02 13:52:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    [2011/05/02 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\Downloads
    [2011/05/02 12:54:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/05/02 12:30:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/02 12:26:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/02 12:26:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/02 12:26:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/02 12:26:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/02 12:26:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/02 12:14:42 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\Norton_Removal_Tool(2).exe
    [2011/05/02 12:14:18 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\remover.exe
    [2011/05/02 11:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/04/29 13:30:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\TFC.exe
    [2011/04/21 17:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\SUPERAntiSpyware.com
    [2011/04/21 17:02:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2011/04/20 19:28:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\UserData
    [2011/04/20 19:28:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\HPQ
    [2011/04/20 19:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\Symantec
    [2011/04/20 19:18:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Recent
    [2011/04/20 19:12:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Real
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Intuit
    [2011/04/20 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Identities
    [2011/04/20 19:12:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\SendTo
    [2011/04/20 19:12:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Startup
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Videos
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Pictures
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents\My Music
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\My Documents
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Favorites
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Administrative Tools
    [2011/04/20 19:12:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Accessories
    [2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\IETldCache
    [2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Cookies
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\PrintHood
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\NetHood
    [2011/04/20 19:12:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Wildtangent
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Online Services
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Microsoft
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\ApplicationHistory
    [2011/04/20 19:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
    [2011/04/20 19:12:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu
    [2011/04/20 19:12:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Templates
    [2011/04/20 17:33:21 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2011/04/07 09:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\Mozilla
    [2011/04/07 09:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Mozilla
    [2011/04/07 09:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/04/05 10:55:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
    [2011/04/04 16:24:14 | 000,000,000 | ---D | C] -- C:\tmp
    [2011/04/04 14:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2011/04/04 14:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Macromedia
    [2011/04/04 11:01:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2011/04/04 10:48:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011/04/04 09:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011/04/03 11:32:42 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/04/03 11:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/04/03 11:32:41 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/04/03 11:32:39 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/04/03 11:32:39 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/04/03 11:32:38 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/04/03 11:32:37 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/04/03 11:32:37 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/04/03 11:32:36 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/04/03 11:32:23 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/04/03 11:32:22 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/04/03 11:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/04/03 11:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/03 11:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Malwarebytes
    [2011/04/03 11:04:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/03 11:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/03 11:04:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/03 11:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2011/05/03 08:32:44 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
    [2011/05/03 08:31:12 | 000,000,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/05/03 08:30:51 | 1063,739,392 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/03 08:30:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/02 13:52:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\OTL.exe
    [2011/05/02 12:44:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/02 12:30:15 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/05/02 11:54:42 | 004,335,166 | R--- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    [2011/05/02 07:52:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/21 17:48:08 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2011/04/20 19:23:34 | 000,001,803 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
    [2011/04/20 19:23:34 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WG111v3 Smart Wizard.lnk
    [2011/04/20 19:19:04 | 000,000,281 | ---- | M] () -- C:\Boot.bak
    [2011/04/20 19:18:49 | 000,001,879 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    [2011/04/20 19:16:21 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/04/20 19:16:17 | 000,001,894 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC655AA-ABA a1620n_YC_0Pavi_QMXX650_E64NAemMPA7_48_ILEUCITE3_SASUSTek Computer INC._V2.00_B3.18_T061110_WXP2_L409_M1015_J250_7Intel_8Pentium D_93_#070106_N808627DC_Z14F12F20_G80862772.MRK
    [2011/04/20 19:11:34 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/04/18 09:47:08 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\dds.scr
    [2011/04/18 09:47:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe
    [2011/04/18 09:46:54 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\1cis8g68.exe
    [2011/04/18 09:46:32 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\TFC.exe
    [2011/04/07 09:39:35 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/06 13:35:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/05 10:59:32 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/05 10:39:58 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/05 10:39:58 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/04 13:56:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/04 13:55:20 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/03 11:32:42 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/03 11:32:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/04/03 11:13:08 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/03 11:04:15 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/03 10:56:04 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

    ========== Files Created - No Company Name ==========

    [2011/05/02 12:26:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/02 12:26:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/02 12:26:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/02 12:26:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/02 12:26:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/02 12:14:08 | 004,335,166 | R--- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\ComboFix.exe
    [2011/04/29 13:31:19 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\MBRCheck.exe
    [2011/04/29 13:31:16 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\dds.scr
    [2011/04/29 13:31:16 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\1cis8g68.exe
    [2011/04/29 13:31:15 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Desktop\SecurityCheck.exe
    [2011/04/20 19:18:49 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    [2011/04/20 19:16:14 | 000,001,894 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC655AA-ABA a1620n_YC_0Pavi_QMXX650_E64NAemMPA7_48_ILEUCITE3_SASUSTek Computer INC._V2.00_B3.18_T061110_WXP2_L409_M1015_J250_7Intel_8Pentium D_93_#070106_N808627DC_Z14F12F20_G80862772.MRK
    [2011/04/20 19:13:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\My HP Games.lnk
    [2011/04/20 19:13:07 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
    [2011/04/20 19:13:07 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/04/20 19:13:07 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\DISCover My Games™.lnk
    [2011/04/20 19:13:07 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/20 19:13:06 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
    [2011/04/20 19:13:06 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
    [2011/04/20 19:13:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/04/20 19:13:03 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\fusioncache.dat
    [2011/04/20 19:12:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Remote Assistance.lnk
    [2011/04/20 19:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Internet Explorer.lnk
    [2011/04/20 19:12:59 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Windows Media Player.lnk
    [2011/04/20 19:12:59 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Start Menu\Programs\Outlook Express.lnk
    [2011/04/20 19:11:17 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
    [2011/04/20 19:00:51 | 1063,739,392 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/07 09:39:35 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/07 09:39:35 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/03 11:32:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/04/03 11:04:15 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/29 20:03:43 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/19 18:35:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hpapuligejopevo.dat
    [2010/02/19 18:35:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Uqebo.bin
    [2007/08/06 18:34:58 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/06/14 17:42:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/02/07 20:58:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/01/23 16:31:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/01/12 02:38:15 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/01/10 09:12:47 | 000,117,024 | ---- | C] () -- C:\WINDOWS\HPHins10.dat
    [2007/01/10 09:12:47 | 000,002,314 | ---- | C] () -- C:\WINDOWS\hphmdl10.dat
    [2007/01/06 16:46:37 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/01/06 16:46:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/11/19 04:37:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/11/19 04:16:01 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/11/19 04:11:22 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
    [2006/11/19 04:10:31 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/11/19 04:10:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/11/19 04:07:21 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/11/19 03:53:59 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/11/19 03:53:18 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2006/11/19 03:53:18 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/11/19 03:48:23 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/11/19 03:47:17 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/11/19 03:43:25 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/11/19 03:43:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Elusetup.exe
    [2006/11/19 03:20:19 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/11/19 03:20:19 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/11/19 03:19:59 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 00:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/31 00:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/31 00:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/31 00:05:30 | 000,184,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/31 00:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 23:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/06 01:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/10 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/10 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    ========== LOP Check ==========

    [2011/04/03 11:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/10/22 07:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2010/01/27 09:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crystal Office
    [2006/11/19 03:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2007/06/14 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/01/11 11:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/10/16 07:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2011/04/20 14:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/11/19 03:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/07/01 15:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/01/31 19:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

    ========== Purity Check ==========



    < End of report >
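The file listings above are the kind of OTL output a helper triages by eye: timestamp, size, attributes, created/modified flag, the company name from the file's version info (empty parentheses when there is none) and the path. As an added example, not part of this thread and not OTL's own code, the Python below parses lines in that format and applies two cheap triage rules: an executable under %SystemRoot% whose version info carries no company name, and an executable sitting in a Temp folder. The allow-list of ComboFix helper binaries and the timestamp on the IadHide5.dll line are assumptions made for the example; the other sample lines are copied from the log above.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# One OTL file/folder line looks like:
#   [2010/02/19 18:35:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hpapuligejopevo.dat
#   [2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\...\Cookies
# Fields: timestamp | size | attributes (R,H,S,D) | C=created or M=modified,
# then the version-info company in parentheses (absent on folder lines), then the path.
OTL_LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


class OtlEntry(NamedTuple):
    timestamp: datetime
    size: int
    attrs: str      # e.g. "RHS-", "---D"; a 'D' marks a folder
    kind: str       # 'C' created, 'M' modified
    company: str    # '' when OTL printed "()" or the line is a folder
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL listing line; return None for headers, blanks and other text."""
    m = OTL_LINE.match(line)
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_otl_report(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")

# Helper binaries that ComboFix drops into C:\WINDOWS. Treating them as placed by the
# analyst is an assumption of this example, not something the OTL log itself states.
ANALYST_TOOLS = {"pev.exe", "sed.exe", "mbr.exe", "grep.exe", "zip.exe", "nircmd.exe"}


class Finding(NamedTuple):
    path: str
    reasons: List[str]
    age_days: int   # whole days between the entry's timestamp and the report time


def triage(entries: List[OtlEntry], report_time: datetime) -> List[Finding]:
    """Apply two cheap triage rules to parsed entries and return the hits, newest first."""
    findings = []
    for e in entries:
        if "D" in e.attrs:            # folders carry no version info; skip them
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if not name.endswith(EXEC_EXT):
            continue
        reasons = []
        if low.startswith("c:\\windows\\") and not e.company and name not in ANALYST_TOOLS:
            reasons.append("executable under %SystemRoot% with no company name in version info")
        if "\\temp\\" in low:
            reasons.append("executable under a Temp folder")
        if reasons:
            findings.append(Finding(e.path, reasons, (report_time - e.timestamp).days))
    # A binary created two days ago deserves a look before a driver from 2006.
    return sorted(findings, key=lambda f: f.age_days)


def triage_report(text: str, report_time: datetime) -> List[Finding]:
    return triage(parse_otl_report(text), report_time)


# Constructed sample: the first five lines are copied from the OTL log in this thread;
# the IadHide5.dll line is made up (the file name is from the fix log, the time is not).
SAMPLE_LOG = r"""
[2011/05/02 12:26:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/03 11:32:41 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/19 18:35:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hpapuligejopevo.dat
[2006/11/19 04:16:01 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2011/04/20 19:12:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.COMPUTER\Cookies
[2011/05/01 08:00:00 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Temp\IadHide5.dll
""".strip()

# Newest "Modified" timestamp in the log above, used as the report time.
REPORT_TIME = datetime(2011, 5, 3, 8, 32, 44)

if __name__ == "__main__":
    for f in triage_report(SAMPLE_LOG, REPORT_TIME):
        print(f"{f.age_days:5d} days  {f.path}")
        for r in f.reasons:
            print(f"             - {r}")
```

A hit is a lead, not a verdict. PEV.exe drops out only because of the allow-list, aswSP.sys because avast's driver carries a company name, and USBkey.sys is flagged solely because its version info has none, so the next step for a flagged file is a hash lookup or signature check rather than deletion.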
     
  18. 2011/05/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  19. 2011/05/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    Here's the last OTL log. I'm going to update to SP3, and try the update to IE8, but from what I've read about this problem with IE, the update isn't going to help. Not sure what is going on, but was hoping it was malware related.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Temp folder emptied: 611681 bytes
    ->Temporary Internet Files folder emptied: 184978 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 13716019 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator.COMPUTER
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 05042011_082207

    Files\Folders moved on Reboot...
    C:\Documents and Settings\HP_Administrator.COMPUTER\Local Settings\Temp\IadHide5.dll moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2011/05/04
    BillB Lifetime Subscription

    BillB Well-Known Member Thread Starter

    Joined:
    2003/03/18
    Messages:
    750
    Likes Received:
    0
    I've applied SP3 and all updates and have now updated to IE8. Looks like that resolved the problem, I'm using IE8 to post this. Looks like everything is working fine now, I appreciate the help.
     
  21. 2011/05/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Good luck and stay safe :)
     
