[RESOLVED] Possible Malware Infection

Started By Aaron, Feb 09 2012 03:40 AM

malware spyware virus

You cannot start a new topic
You cannot reply to this topic
Go to first unread post

16 replies to this topic

#1 Aaron

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 09 February 2012 - 03:40 AM

Hi Smartest Computing Crew!,

Hope everyone is doing well! I love your forum & your great help – it is amazing! I was hoping you could help me once again… ) I have had a few weird things happening on my computer lately. I believe my problems started occurring around last month, sometime after watching videos on youtube & doing some internet browsing.

First, my internet & computer icon has been displaying activity when I believe it shouldn’t be. I only use my computer for internet access, no network but still see the computer part of the icon light up at times. Not sure, but I’m thinking it shouldn’t.?

Next, I installed windows defender a while back & have lately noticed settings being changed for unknown reasons by “legitimate programs”, according to the popup window, defender display.

Last, my internet connection speed has been very doggy at times and even so bad that I couldn’t get online, update Avast / filehippo. This was occurring even though the internet icon was connected & lighted and was “working properly”. I had to do multiple reboots, ran superantispyware (cleaned a couple things off with this & reset things using the quick fix features), used task manager to kill services I didn’t need, & did an Avast boot time scan (no malicious files found). And subsequently got the internet to work again.

I also disabled everything under wireless internet connection properties except for Internet Protocol (TCP/IP), i.e. disabled client for Microsoft networks, file & printer sharing, etc. Please let me know if this is correct for safe internet browsing (with no need for network connectivity). Still, my internet connection strength is low when I know from before that it always was high as I’m right next to the router so this is definitely strange!

I had help from Broni once before in which he helped me clean malware off the computer. Since then, I’ve added some security programs like Windows Defender, MSE, filehippo, PSI, and WOT so this has all helped. Now I want to install Comodo firewall but need to be sure that there is are no malware problems 1st.

I also scanned the computer using the process put forth by Gizmo.com but running these scanners found nothing malicious.

KillSwitch using Comodo Cleaning Essentials (CCE)
Comodo Autoruns
Kaspersky TDSSKiller
CCE Smart Scan

However, for the reasons listed above, I am concerned and don’t believe the computer to be malware free. Below are the log scans requested from “before you post”.

Malwarebytes
GMER
MBRcheck
DDS (DDS & DDS attach)
ComboFix

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Aaron :: ACER-C28991BD48 [administrator]

2/6/2012 8:55:16 PM
mbam-log-2012-02-06 (20-55-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198934
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-08 20:24:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 HTS541010G9AT00 rev.MBZOA60A
Running: p0u0t5dq.exe; Driver: C:\DOCUME~1\Aaron\LOCALS~1\Temp\kgloqkoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB0D06FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB0D6B510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB0D2A6A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB0D09456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB0D094AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB0D095C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB0D2A05D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB0D093AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB0D094FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB0D09400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB0D09572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB0D06FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB0D2AD6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB0D2B025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB0D09848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB0D2ABDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB0D2AA45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB0D6B5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB0D06DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB0D0700C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB0D099BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB0D07AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB0D09486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB0D094D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB0D095EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB0D2A3B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB0D093D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB0D09680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB0D0953E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB0D0942E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB0D09764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB0D0959C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB0D6B658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB0D2A8C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB0D0796A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB0D2A712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB0D739E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB0D296D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB0D07030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB0D07054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB0D06E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB0D06F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB0D2AE76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB0D06F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB0D06F6C]
SSDT \??\C:\Program Files\Spyware Protection Programs\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0EA5640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB0D07078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0D7F7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 4 Bytes CALL D10115E8
.text ntkrnlpa.exe!ZwCallbackReturn + 2F31 805047CD 7 Bytes [70, D0, B0, 54, 70, D0, B0]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B0D0800F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B0D7C69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B0D7E15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B0D7F7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP B0D09B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP B0D09AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP B0D09DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP B0D09FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP B0D09ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP B0D09F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP B0D09C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP B0D09CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP B0D09D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP B0D09D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP B0D099F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP B0D09B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP B0D09C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP B0D0A0D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Spyware Protection Programs\SASCORE.EXE[440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Spyware Protection Programs\SASCORE.EXE[440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[620] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Aaron\Desktop\p0u0t5dq.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Aaron\Desktop\p0u0t5dq.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1500] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2672] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Security Client\msseces.exe[3168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Security Client\msseces.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateKey + 6 7C90D0F4 4 Bytes [68, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateKey + B 7C90D0F9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateMutant + 6 7C90D114 4 Bytes [28, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateMutant + B 7C90D119 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateSection + 6 7C90D184 4 Bytes [68, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtCreateSection + B 7C90D189 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtDeleteValueKey + 6 7C90D274 4 Bytes CALL 7B90E87B
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtDeleteValueKey + B 7C90D279 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes CALL 7B90EB2D
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenKey + 6 7C90D5D4 4 Bytes [A8, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenKey + B 7C90D5D9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenMutant + 6 7C90D5E4 4 Bytes CALL 7B90EBEA
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenMutant + B 7C90D5E9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcess + 6 7C90D604 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [68, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcessToken + 6 7C90D614 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes [A8, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [68, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenSection + 6 7C90D634 4 Bytes [A8, 02, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenSection + B 7C90D639 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThread + 6 7C90D664 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [28, 03, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [28, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes [A8, 04, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes CALL 7B90F2BC
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [28, 05, 16, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002C00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002C00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!CreateEventW 7C80A749 5 Bytes JMP 002C0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 002C0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!OpenEventW 7C8131E0 5 Bytes JMP 002C0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!RegisterClipboardFormatA 7E418E28 5 Bytes JMP 003B02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!RegisterClipboardFormatW 7E41AF34 5 Bytes JMP 003B02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!RegisterClassExA 7E427C39 5 Bytes JMP 003B0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!ActivateKeyboardLayout 7E428673 5 Bytes JMP 003B04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!IsClipboardFormatAvailable 7E42F166 5 Bytes JMP 003B00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardSequenceNumber 7E42F17A 2 Bytes JMP 003B0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardSequenceNumber + 3 7E42F17D 2 Bytes [F8, 81]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!CloseClipboard 7E430265 5 Bytes JMP 003B00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!OpenClipboard 7E430277 5 Bytes JMP 003B0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!SetClipboardViewer 7E430473 5 Bytes JMP 003B04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!ChangeClipboardChain 7E430487 5 Bytes JMP 003B0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!EmptyClipboard 7E430D96 5 Bytes JMP 003B0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardOwner 7E430DA8 5 Bytes JMP 003B0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 003B0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 003B0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardFormatNameA 7E431290 5 Bytes JMP 003B0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!CountClipboardFormats 7E43167F 5 Bytes JMP 003B01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetOpenClipboardWindow 7E431691 5 Bytes JMP 003B03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!EnumClipboardFormats 7E43E53D 5 Bytes JMP 003B01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardFormatNameW 7E45957F 5 Bytes JMP 003B0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetClipboardViewer 7E46CB94 5 Bytes JMP 003B0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] USER32.dll!GetPriorityClipboardFormat 7E46CC96 5 Bytes JMP 003B03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetDeviceCaps 77F15A71 5 Bytes JMP 003C0370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SelectObject 77F15B70 5 Bytes JMP 003C05B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetTextColor 77F15D77 5 Bytes JMP 003C0970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetBkMode 77F15EDB 5 Bytes JMP 003C0830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!IntersectClipRect 77F16A56 5 Bytes JMP 003C03B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetClipBox 77F16AA1 5 Bytes JMP 003C0330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!DeleteObject 77F16BFA 5 Bytes JMP 003C01B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 003C0170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!ExtSelectClipRgn 77F17874 5 Bytes JMP 003C02F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SelectClipRgn 77F17AA0 5 Bytes JMP 003C0570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetTextMetricsW 77F17DB9 5 Bytes JMP 003C0D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 003C08B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetStretchBltMode 77F18597 5 Bytes JMP 003C05F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!RestoreDC 77F18B28 5 Bytes JMP 003C04F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SaveDC 77F18BEE 5 Bytes JMP 003C0530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetTextAlign 77F18C8B 5 Bytes JMP 003C0930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!MoveToEx 77F1A21A 5 Bytes JMP 003C0430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetTextFaceW 77F1A5CB 5 Bytes JMP 003C0C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!StretchDIBits 77F1B0AE 2 Bytes JMP 003C06B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!StretchDIBits + 3 77F1B0B1 2 Bytes [4A, 88]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetWorldTransform 77F1B457 5 Bytes JMP 003C0630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003C00B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 003C00F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!ExtEscape 77F1C3CC 5 Bytes JMP 003C02B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 003C0870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!LineTo 77F1D997 5 Bytes JMP 003C03F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetTextMetricsA 77F1DF45 5 Bytes JMP 003C0CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetICMMode 77F1E868 5 Bytes JMP 003C0CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!Rectangle 77F1E9BE 5 Bytes JMP 003C08F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetFontData 77F1F314 5 Bytes JMP 003C0BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetTextFaceA 77F1F365 5 Bytes JMP 003C0C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetPolyFillMode 77F20817 5 Bytes JMP 003C0A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SetMiterLimit 77F20E8E 5 Bytes JMP 003C0AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!Escape 77F26F5A 5 Bytes JMP 003C0270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!ResetDCW 77F2B9AF 5 Bytes JMP 003C09F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!CreateICW 77F2C813 5 Bytes JMP 003C0130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!BeginPath 77F2D4B0 5 Bytes JMP 003C0770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!EndPath 77F2D530 5 Bytes JMP 003C09B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!SelectClipPath 77F2D5B7 5 Bytes JMP 003C0A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!EndPage 77F2DC61 5 Bytes JMP 003C0230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!EndDoc 77F2DEF1 5 Bytes JMP 003C01F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!PolyBezierTo 77F2EBD1 5 Bytes JMP 003C0470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!PolylineTo 77F2EC7E 5 Bytes JMP 003C04B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!CloseFigure 77F2ED1A 5 Bytes JMP 003C0070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!StartPage 77F2F49E 5 Bytes JMP 003C0670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!RemoveFontResourceW 77F3D07C 5 Bytes JMP 003C0B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!GetGlyphOutlineW 77F3E6D1 5 Bytes JMP 003C0BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!AddFontResourceW 77F3FFAB 5 Bytes JMP 003C0B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!CreateScalableFontResourceW 77F40160 5 Bytes JMP 003C0AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!AbortDoc 77F44CD2 5 Bytes JMP 003C0030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 003C0730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!StrokePath 77F460B7 5 Bytes JMP 003C06F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!FillPath 77F46144 5 Bytes JMP 003C07B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] GDI32.dll!PolyDraw 77F4667B 5 Bytes JMP 003C07F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] ole32.dll!OleSetClipboard 77547808 5 Bytes JMP 003E0030
.text C:\WINDOWS\System32\alg.exe[3372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 002C0110
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext] 003D0090
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW] 003D0050
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptAcquireContextW] 003D0050
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptGenRandom] 003D01D0
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptReleaseContext] 003D0090
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptAcquireContextW] 003D0050
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptGenRandom] 003D01D0
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptReleaseContext] 003D0090
IAT C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[3180] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 002C0110

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.SYS (NT File System Driver/Microsoft Corporation)
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 EUBKMON.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage
File C:\## aswSnx private storage\snx_rhive
File C:\## aswSnx private storage\snx_rhive.LOG
File C:\## aswSnx private storage\webStorage
File C:\## aswSnx private storage\webStorage\image
File C:\## aswSnx private storage\webStorage\attrib
File C:\## aswSnx private storage\webStorage\snx_fs.dat

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 20:36:04
-----------------------------
20:36:04.094 OS Version: Windows 5.1.2600 Service Pack 3
20:36:04.094 Number of processors: 2 586 0x4802
20:36:04.094 ComputerName: ACER-C28991BD48 UserName: Aaron
20:36:04.610 Initialize success
20:36:04.719 AVAST engine defs: 12020801
20:36:08.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:36:08.548 Disk 0 Vendor: HTS541010G9AT00 MBZOA60A Size: 95396MB BusType: 3
20:36:08.579 Disk 0 MBR read successfully
20:36:08.594 Disk 0 MBR scan
20:36:08.594 Disk 0 Windows XP default MBR code
20:36:08.610 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
20:36:08.626 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 44947 MB offset 10233405
20:36:08.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 45449 MB offset 102285855
20:36:08.673 Disk 0 scanning sectors +195366465
20:36:08.719 Disk 0 scanning C:\WINDOWS\system32\drivers
20:36:20.094 Service scanning
20:36:22.235 Modules scanning
20:36:28.141 Disk 0 trace - called modules:
20:36:28.157 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:36:28.157 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aca3ab8]
20:36:28.157 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000b6[0x8acb89e8]
20:36:28.157 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8acc4940]
20:36:28.782 AVAST engine scan C:\WINDOWS
20:36:37.719 AVAST engine scan C:\WINDOWS\system32
20:38:37.813 AVAST engine scan C:\WINDOWS\system32\drivers
20:38:46.782 AVAST engine scan C:\Documents and Settings\Aaron
20:40:38.891 AVAST engine scan C:\Documents and Settings\All Users
20:40:58.813 Scan finished successfully
20:41:29.626 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aaron\Desktop\MBR.dat"
20:41:29.673 The log file has been saved successfully to "C:\Documents and Settings\Aaron\Desktop\aswMBR.txt"

.
DDS (Ver_2011-06-23.01) - FAT32x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Aaron at 21:20:58 on 2012-02-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2686.1893 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
SVCHOST.EXE
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Protection Programs\SASCORE.EXE
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Aaron\Desktop\PC Advanced Managers\procexp.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] c:\program files\spyware protection programs\SUPERAntiSpyware.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\outloo~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\spyware protection programs\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\spyware protection programs\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aaron\application data\mozilla\firefox\profiles\hfztfa89.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym|http://www.facebook.com/aaron.sorenson1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-11-17 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-11-17 42376]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-11 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-11 314456]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-11-17 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-11-17 184072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\spyware protection programs\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\spyware protection programs\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\spyware protection programs\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-11 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-11 44768]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-11-25 60552]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2011-11-25 23176]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-21 652360]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-21 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S1 MpKsl96138663;MpKsl96138663;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb6678f9-71ed-4423-95ea-11ce230176d7}\mpksl96138663.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb6678f9-71ed-4423-95ea-11ce230176d7}\MpKsl96138663.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-11-21 23456]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-10-22 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-02-09 02:18:30 -------- d--h--w- c:\windows\PIF
2012-02-09 01:47:53 -------- d-sh--w- C:\Recycled
2012-02-09 00:58:19 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8cd6af05-c435-4ed7-862e-753f261e9093}\mpengine.dll
2012-02-09 00:55:34 -------- d-----w- c:\documents and settings\aaron\local settings\application data\PCHealth
2012-02-07 22:42:13 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef3b81f6-9a5d-471a-8194-240e34d6414d}\mpengine.dll
2012-02-07 03:04:38 98816 ----a-w- c:\windows\sed.exe
2012-02-07 03:04:38 518144 ----a-w- c:\windows\SWREG.exe
2012-02-07 03:04:38 256000 ----a-w- c:\windows\PEV.exe
2012-02-07 03:04:38 208896 ----a-w- c:\windows\MBR.exe
2012-02-05 22:04:54 -------- d-----w- C:\AV-CLS
2012-01-31 01:06:36 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-29 15:45:52 -------- d-----w- C:\FOUND.004
2012-01-29 15:24:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-17 01:42:16 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-01-17 01:42:16 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-01-17 00:32:44 -------- d-----w- C:\FOUND.003
.
==================== Find3M ====================
.
2012-01-31 12:44:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-23 18:54:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-23 18:54:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24:44 360448 --sha-w- C:\EUMONBMP.SYS
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01:26 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 21:57:20 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 04:54:44 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 22:12:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 06:07:16 446464 ----a-w- c:\program files\TFC.exe
.
============= FINISH: 21:22:36.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2011 1:41:11 PM
System Uptime: 2/8/2012 7:49:56 PM (2 hours ago)
.
Motherboard: Acer | | Navarro
Processor: AMD Turion™ 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 44 GiB total, 9.311 GiB free.
D: is FIXED (NTFS) - 44 GiB total, 44.256 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 1/17/2012 7:03:26 AM - Software Distribution Service 3.0
RP189: 1/20/2012 6:11:02 PM - Software Distribution Service 3.0
RP190: 1/24/2012 9:27:32 PM - Software Distribution Service 3.0
RP191: 1/27/2012 8:40:05 PM - Software Distribution Service 3.0
RP192: 1/29/2012 12:14:51 PM - Software Distribution Service 3.0
RP193: 1/30/2012 8:06:09 PM - Software Distribution Service 3.0
RP194: 1/31/2012 8:25:25 PM - Software Distribution Service 3.0
RP195: 1/31/2012 8:30:03 PM - Software Distribution Service 3.0
RP196: 2/2/2012 1:15:49 AM - Software Distribution Service 3.0
RP197: 2/3/2012 8:11:07 PM - Windows Defender Checkpoint
RP198: 2/4/2012 8:58:45 AM - Software Distribution Service 3.0
RP199: 2/4/2012 9:03:54 AM - Software Distribution Service 3.0
RP200: 2/5/2012 12:46:57 AM - Removed Skype™ 5.5
RP201: 2/5/2012 12:47:16 AM - Installed Skype™ 5.8
RP202: 2/5/2012 1:10:48 AM - Software Distribution Service 3.0
RP203: 2/5/2012 11:44:26 AM - Software Distribution Service 3.0
RP204: 2/5/2012 3:04:42 PM - Software Distribution Service 3.0
RP205: 2/6/2012 9:18:21 PM - Windows Defender Checkpoint
RP206: 2/6/2012 9:26:13 PM - Windows Defender Checkpoint
RP207: 2/7/2012 5:36:27 PM - Software Distribution Service 3.0
RP208: 2/7/2012 5:42:10 PM - Software Distribution Service 3.0
RP209: 2/7/2012 6:16:30 PM - Removed TuneUp Utilities 2012
RP210: 2/7/2012 6:17:12 PM - Removed TuneUp Utilities Language Pack (en-US)
RP211: 2/8/2012 7:58:09 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
4300
4300_Help
4300Trb
7-Zip 9.20
Acer OrbiCam
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
AiO_Scan_CDA
AiOSoftwareNPI
AMD Catalyst Install Manager
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoCAD 2008 - English
Autodesk DWF Viewer 7
avast! Free Antivirus
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Clownfish for Skype
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
DriverAgent by eSupport.com
EaseUS Todo Backup Free 3.5
eSupportQFolder
EULAlyzer 2.1
Fax_CDA
FileHippo.com Update Checker
FullDPAppQFolder
GemMaster Mystic
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Document Viewer 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
InstantShareAlert
InstantShareDevices
Internet Explorer (Enable DEP)
Java Auto Updater
Java™ 6 Update 29
Launch Manager
LightScribe 1.4.74.1
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NewCopy_CDA
NTI Backup NOW! 4
NTI CD & DVD-Maker
Otto
PanoStandAlone
PDFCreator
PhotoGallery
PowerDVD
PowerProducer
ProductContextNPI
RandMap
Readme
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Scan
ScannerCopy
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Segoe UI
Service Studio
SkinsHP1
Skype Click to Call
Skype™ 5.8
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Encoders
Sonic_PrimoSDK
SpywareBlaster 4.5
Status
SUPERAntiSpyware
Toolbox
TrayApp
TuneUp Utilities 2007
TweakMCE
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VBA (2627.01)
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
2/8/2012 8:00:47 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1486.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/8/2012 12:10:20 AM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.
2/8/2012 12:07:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
2/7/2012 11:10:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/6/2012 9:45:38 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
2/6/2012 9:45:23 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/6/2012 9:34:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 9:24:54 PM, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/6/2012 9:24:54 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/6/2012 9:24:54 PM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
2/6/2012 9:24:54 PM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
2/6/2012 8:25:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 8:20:46 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/6/2012 8:20:33 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/6/2012 8:18:18 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:18:12 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:17:38 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 2 time(s).
2/6/2012 8:17:30 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:17:26 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:17:19 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:17:07 PM, error: Service Control Manager [7034] - The Guard Agent service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:59 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:53 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:48 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:46 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:10 PM, error: Service Control Manager [7034] - The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:04 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:03 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:03 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:16:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:13:23 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2/6/2012 8:13:23 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/6/2012 8:08:37 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/6/2012 7:55:42 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 2 time(s).
2/6/2012 7:54:56 PM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a8a9308, parameter3 8a8a947c, parameter4 805d29b4.
2/6/2012 7:52:55 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000098' while processing the file 'change.log' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/6/2012 6:17:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 6:07:38 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/6/2012 6:07:27 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
2/6/2012 6:07:12 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2/6/2012 6:01:56 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 10:13:57 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 7 time(s).
2/6/2012 10:12:28 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 6 time(s).
2/6/2012 10:07:52 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 5 time(s).
2/6/2012 10:06:26 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 4 time(s).
2/6/2012 10:05:58 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.119.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8001.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/6/2012 10:04:08 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 3 time(s).
.

==== End Of File ===========================

ComboFix 12-02-06.02 - Aaron 02/06/2012 22:06:46.9.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2686.2016 [GMT -5:00]
Running from: c:\documents and settings\Aaron\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\5C321E34.TMP
c:\documents and settings\All Users\Application Data\TEMP\84098FD3.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 02:30 . 2012-02-07 02:30 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{6B08100D-F752-46CB-9B09-D21F3083BCE5}\offreg.dll
2012-02-06 23:07 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1B5B8C8-E94F-4B0E-AFAA-56659032F9A2}\mpengine.dll
2012-02-05 22:04 . 2012-02-05 22:04 -------- d-----w- C:\AV-CLS
2012-02-05 05:47 . 2012-02-05 05:47 -------- d-----w- c:\program files\Common Files\Skype
2012-02-04 13:58 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{6B08100D-F752-46CB-9B09-D21F3083BCE5}\mpengine.dll
2012-01-31 01:06 . 2012-01-17 09:39 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-29 15:45 . 2012-01-29 15:45 -------- d-----w- C:\FOUND.004
2012-01-29 15:24 . 2012-01-29 15:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-17 01:42 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-01-17 01:42 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-01-17 00:32 . 2012-01-17 00:32 -------- d-----w- C:\FOUND.003
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-10-03 18:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2011-10-23 19:02 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-23 18:54 . 2011-12-23 18:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-23 18:54 . 2011-12-23 18:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2011-09-21 17:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 18:01 . 2011-10-10 02:31 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-10-12 04:38 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-10-12 04:38 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-10-12 04:38 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-10-12 04:38 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-10-12 04:38 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-10-12 04:38 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:52 . 2011-10-12 04:38 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-10-12 04:38 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-10-12 04:38 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-11 01:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-11 01:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 04:54 . 2011-11-22 04:54 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-11-18 13:37 . 2011-10-22 20:42 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-11-18 13:37 . 2011-11-29 15:12 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2011-11-18 12:35 . 2004-08-11 01:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-11 01:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-11 01:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 22:12 . 2011-09-24 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 06:07 . 2011-10-08 06:07 446464 ----a-w- c:\program files\TFC.exe
2012-02-04 03:46 . 2011-11-13 21:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\Spyware Protection Programs\SUPERAntiSpyware.exe" [2012-02-04 4617600]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\Spyware Protection Programs\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 18:54 551296 ------w- c:\program files\Spyware Protection Programs\SASWINLO.DLL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"ehTray"=c:\windows\ehome\ehtray.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"AzMixerSel"=c:\program files\Realtek\InstallShield\AzMixerSel.exe
"RTHDCPL"=RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Outlook2007\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\BIN\\Agent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\av-cls\\wget.exe"= c:\\AV-CLS\\WGET.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [11/17/2011 10:07 AM 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [11/17/2011 10:07 AM 42376]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/11/2011 11:38 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/11/2011 11:38 PM 314456]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [11/17/2011 10:07 AM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [11/17/2011 10:07 AM 184072]
R1 SASDIFSV;SASDIFSV;c:\program files\Spyware Protection Programs\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\Spyware Protection Programs\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\Spyware Protection Programs\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2011 11:38 PM 20568]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [11/25/2011 10:34 PM 60552]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [11/25/2011 10:34 PM 23176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/21/2011 12:51 PM 652360]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [11/18/2011 8:37 AM 1510720]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/21/2011 12:51 PM 20464]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10/20/2011 11:48 AM 10064]
S1 MpKsl96138663;MpKsl96138663;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB6678F9-71ED-4423-95EA-11CE230176D7}\MpKsl96138663.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB6678F9-71ED-4423-95EA-11CE230176D7}\MpKsl96138663.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11/21/2011 11:54 PM 23456]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10/22/2011 4:48 PM 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/10/2004 8:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{B28F93DA-5DC2-40F3-B308-83679A11E00B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-12-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51]
.
2012-02-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 205.152.144.23 205.152.132.23
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?.intl=us&.src=ym|http://www.facebook.com/aaron.sorenson1
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 22:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(2004)
c:\program files\Spyware Protection Programs\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
.
Completion time: 2012-02-06 22:20:06
ComboFix-quarantined-files.txt 2012-02-07 03:20
.
Pre-Run: 9,802,448,896 bytes free
Post-Run: 9,841,115,136 bytes free
.
- - End Of File - - FFC9E670681B7F72EF54C68E7B9ED1AA

Back to top

#2 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 09 February 2012 - 03:54 AM

I don't see much there.

However you're running two AV programs, Avast and MSE.
One of them has to go.
Your choice.

When done.....

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Back to top

#3 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 09 February 2012 - 05:06 AM

Thanks Broni,

Here are the logs!OTL logfile created on: 2/8/2012 11:53:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 65.55% Memory free
4.47 Gb Paging File | 3.70 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.88 Gb Total Space | 9.58 Gb Free Space | 21.82% Space Free | Partition Type: FAT32
Drive D: | 44.38 Gb Total Space | 44.26 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: ACER-C28991BD48 | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/08 23:27:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
PRC - [2012/02/03 22:46:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:24 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/21 22:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011/10/21 22:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2011/08/11 19:38:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\Spyware Protection Programs\SASCore.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/08 14:30:14 | 001,691,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020801\algo.dll
MOD - [2012/02/03 22:46:24 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/13 17:12:34 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/21 22:46:20 | 000,088,712 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2011/10/21 22:46:20 | 000,064,648 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2011/10/21 22:46:14 | 000,243,336 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2011/10/21 22:46:14 | 000,074,376 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2011/10/21 22:46:14 | 000,069,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2011/10/21 22:46:12 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/13 20:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/19 10:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 13:01:24 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/21 22:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/10/21 22:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/09/25 11:44:28 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/08/11 19:38:08 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\Spyware Protection Programs\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 12:53:54 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:36 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:20 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:50 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/21 23:54:44 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/10/22 16:48:18 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/10/21 22:46:56 | 000,184,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/10/21 22:46:52 | 000,042,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/10/21 22:46:48 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/10/21 22:46:46 | 000,038,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/07/22 12:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\Spyware Protection Programs\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\Spyware Protection Programs\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/12 13:49:38 | 000,806,272 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/05/10 11:27:00 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/27 09:46:50 | 001,540,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/23 09:59:00 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/03/23 09:59:00 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/23 09:59:00 | 000,037,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/03/16 13:24:06 | 004,249,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/25 10:44:52 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/12/23 16:13:06 | 000,013,184 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/08/10 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=us&.src=ym|http://www.facebook.com/aaron.sorenson1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/11 23:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/13 16:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/25 21:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Extensions
[2011/10/29 08:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions
[2012/01/07 23:41:06 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/01/20 18:07:42 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/11/19 09:51:06 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/28 09:29:06 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/01/26 18:21:52 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\firefox@ghostery.com
[2011/12/25 18:05:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\foxyproxy@eric.h.jung
[2011/12/18 10:25:46 | 000,000,000 | ---D | M] (Rapportive) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\rapportive@rapportive.com
[2012/01/20 18:07:32 | 000,000,000 | ---D | M] (Super Start) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\superstart@enjoyfreeware.org
[2011/12/12 19:51:02 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\hfztfa89.default\extensions\support@lastpass.com
[2011/11/13 16:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\AARON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HFZTFA89.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2011/10/11 23:38:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/03 22:46:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/04 22:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/04 22:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/04 22:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/02/06 22:15:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005..\Run: [SUPERAntiSpyware] C:\Program Files\Spyware Protection Programs\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4073655993-2245335686-3873283291-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Outlook2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer.custhelp...tivex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DBE8E25-9033-43E7-A6A2-23328E4C2F20}: DhcpNameServer = 205.152.144.23 205.152.132.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\Spyware Protection Programs\SASWINLO.DLL) - C:\Program Files\Spyware Protection Programs\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\Spyware Protection Programs\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 16:56:28 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 23:27:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/02/08 22:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Smartest Computing
[2012/02/08 22:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Smartest Computing logs & soft - junk
[2012/02/08 21:18:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/08 20:47:53 | 000,000,000 | -HSD | C] -- C:\Recycled
[2012/02/08 19:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Local Settings\Application Data\PCHealth
[2012/02/07 23:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Gizmo - how to det if infected Installer Files
[2012/02/07 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Gizmo - Computer Malware Cleaners
[2012/02/07 21:49:21 | 085,868,856 | ---- | C] (COMODO) -- C:\Documents and Settings\Aaron\Desktop\ComodoFirewall-Installer.exe
[2012/02/06 22:04:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/06 22:04:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/06 22:04:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/06 22:04:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/06 20:46:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/05 17:04:54 | 000,000,000 | ---D | C] -- C:\AV-CLS
[2012/02/05 16:13:15 | 000,023,040 | ---- | C] (Foundstone Inc.) -- C:\Documents and Settings\Aaron\Desktop\DSScan.exe
[2012/02/05 01:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\PC Backup
[2012/02/05 00:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Junk
[2012/02/05 00:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/02/05 00:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/05 00:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\PC Advanced Managers
[2012/02/05 00:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aaron\Desktop\Internet & Social
[2012/01/29 10:45:52 | 000,000,000 | ---D | C] -- C:\FOUND.004
[2012/01/16 19:32:44 | 000,000,000 | ---D | C] -- C:\FOUND.003
[2011/10/15 16:55:53 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2011/10/08 01:07:11 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe
[2006/01/19 18:19:06 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe

========== Files - Modified Within 30 Days ==========

[2012/02/08 23:57:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B28F93DA-5DC2-40F3-B308-83679A11E00B}.job
[2012/02/08 23:28:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/02/08 23:27:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2012/02/08 19:50:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/08 19:50:20 | 2816,651,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 22:01:46 | 085,868,856 | ---- | M] (COMODO) -- C:\Documents and Settings\Aaron\Desktop\ComodoFirewall-Installer.exe
[2012/02/05 15:04:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 13:50:54 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/05 12:34:02 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/05 00:29:12 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Alt Energy.lnk
[2012/02/05 00:23:50 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Diet, Nutrition, etc.lnk
[2012/02/05 00:23:22 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Facebook.lnk
[2012/01/17 18:34:08 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

========== Files Created - No Company Name ==========

[2012/02/06 22:04:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/06 22:04:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/06 22:04:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/06 22:04:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/06 22:04:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/06 21:01:00 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\config.bak
[2012/02/06 21:01:00 | 000,001,789 | ---- | C] () -- C:\WINDOWS\System32\autoexec.bak
[2012/02/05 17:03:36 | 002,437,120 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\Multi_AV.exe
[2012/02/05 00:29:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Alt Energy.lnk
[2012/02/05 00:23:48 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Diet, Nutrition, etc.lnk
[2012/02/05 00:23:21 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Aaron\Desktop\Shortcut to Facebook.lnk
[2011/11/17 10:07:17 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/10/22 16:48:17 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/10/16 17:41:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2011/10/04 11:01:16 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/25 14:18:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/09/24 22:20:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/09/24 19:53:18 | 000,109,164 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2011/09/24 19:53:18 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2011/09/22 10:17:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/09/20 13:42:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Aaron\Local Settings\Application Data\fusioncache.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/01 18:31:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/01 18:30:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/01 18:19:44 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/01 16:56:54 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/06/01 16:55:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/06/01 16:55:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/06/01 16:55:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/06/01 16:55:56 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/06/01 16:51:58 | 000,508,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/01 16:51:58 | 000,089,638 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/01 16:25:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/01 16:22:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/05/12 13:50:28 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini
[2006/04/24 16:48:58 | 000,127,619 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/10 14:15:44 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/07 02:39:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\RtkHDAud.dat
[2005/10/31 18:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/15 16:48:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/28 15:45:26 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/10 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/13 13:49:00 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 17:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 17:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/09/21 10:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/21 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/09/25 11:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/10/22 14:50:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/10/29 17:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/09/21 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\TuneUp Software
[2011/09/22 11:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Windows Desktop Search
[2011/09/23 09:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Javacool Software
[2011/09/25 11:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Autodesk
[2011/09/25 14:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\pdfforge
[2011/09/25 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Windows Search
[2011/09/26 11:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\Gridgistics
[2011/10/22 22:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aaron\Application Data\ElevatedDiagnostics
[2012/02/08 23:57:02 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B28F93DA-5DC2-40F3-B308-83679A11E00B}.job
[2011/12/30 17:16:14 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/02/08 19:50:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/09/22 10:57:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2004/08/10 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/06/01 16:25:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/06/01 16:56:28 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/06/01 16:25:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/06/01 16:25:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/06/01 16:42:38 | 000,000,519 | ---- | M] () -- C:\RHDSetup.log
[2011/12/29 21:19:30 | 000,000,337 | -HS- | M] () -- C:\boot.ini
[2006/06/01 18:35:14 | 000,000,081 | ---- | M] () -- C:\Preload.aaa
[2012/02/08 19:50:20 | 2816,651,264 | -HS- | M] () -- C:\hiberfil.sys
[1999/11/11 00:17:54 | 000,000,049 | ---- | M] () -- C:\MCE.TAG
[2011/10/09 01:30:52 | 000,001,861 | ---- | M] () -- C:\rescue-system_scan.log
[2011/10/11 23:11:42 | 000,000,044 | ---- | M] () -- C:\xxx.ini
[2012/02/08 00:27:50 | 000,015,057 | ---- | M] () -- C:\ComboFix.txt
[2011/12/10 15:24:44 | 000,360,448 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/12/10 16:13:04 | 000,364,032 | -HS- | M] () -- C:\{5C81E26E-E0E1-4E32-9C8A-0DA9DEDAEC0D}.CBM
[2011/12/10 16:13:04 | 000,004,096 | -HS- | M] () -- C:\{284CF245-4B0E-4B7C-8741-ABC8D8E36F22}.CBM
[2012/02/07 23:21:24 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_07.02.2012_23.21.12_log.txt
[2012/02/07 23:26:24 | 000,069,174 | ---- | M] () -- C:\TDSSKiller.2.7.10.0_07.02.2012_23.23.04_log.txt
[2011/09/25 14:24:44 | 000,000,007 | ---- | M] () -- C:\ISACER.id
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/21 11:13:00 | 000,000,221 | ---- | M] () -- C:\Boot.bak
[2011/10/22 12:57:46 | 000,000,601 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/12/15 12:03:40 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2006/06/01 16:25:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/10/14 22:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/10/08 01:07:16 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Program Files\TFC.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/06/01 16:15:22 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2006/06/01 16:15:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/06/01 16:15:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/09/22 11:03:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/09/20 13:43:18 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/06/01 16:32:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/02/08 23:27:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aaron\Desktop\OTL.exe
[2004/04/13 18:18:00 | 000,023,040 | ---- | M] (Foundstone Inc.) -- C:\Documents and Settings\Aaron\Desktop\DSScan.exe
[2012/01/06 22:51:40 | 002,437,120 | ---- | M] () -- C:\Documents and Settings\Aaron\Desktop\Multi_AV.exe
[2012/02/07 22:01:46 | 085,868,856 | ---- | M] (COMODO) -- C:\Documents and Settings\Aaron\Desktop\ComodoFirewall-Installer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/12 13:50:30 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2011/10/07 19:29:50 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 20:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/20 13:43:18 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Aaron\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/08 23:52:20 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Aaron\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[2008/04/13 20:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/05/02 10:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/12/25 08:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-07 22:36:41

< End of report >

--------------------------------------------------------------------------------

OTL Extras logfile created on: 2/8/2012 11:53:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Aaron\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.62 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 65.55% Memory free
4.47 Gb Paging File | 3.70 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43.88 Gb Total Space | 9.58 Gb Free Space | 21.82% Space Free | Partition Type: FAT32
Drive D: | 44.38 Gb Total Space | 44.26 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: ACER-C28991BD48 | User Name: Aaron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4073655993-2245335686-3873283291-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Outlook2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Outlook2007\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Outlook2007\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe" = C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate -- (Newtech Infosystems, Inc.)
"C:\Program Files\EaseUS\Todo Backup\BIN\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\BIN\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\av-cls\wget.exe" = C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{88119CBB-EEE8-4D68-9B78-6E9B660D75C2}" = ATI Catalyst Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D5AC6EF-B91C-4E03-99DE-C72536BB381F}" = TweakMCE
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKSTD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKSTD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKSTD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKSTD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00E0-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-00E0-0000-0000-0000000FF1CE}_OUTLOOKSTD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKSTD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CA9D7B35-C22D-4002-A836-78BC141F69F1}" = Service Studio
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.7
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 9.20
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Clownfish" = Clownfish for Skype
"CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F" = Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DriverAgent.exe" = DriverAgent by eSupport.com
"EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EULAlyzer_is1" = EULAlyzer 2.1
"FileHippo.com" = FileHippo.com Update Checker
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 10.0 (x86 en-GB)" = Mozilla Firefox 10.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OUTLOOKSTD" = Microsoft Office Outlook 2007
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.93
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SpywareBlaster_is1" = SpywareBlaster 4.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2012 7:01:56 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/6/2012 7:17:26 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/6/2012 8:41:00 PM | Computer Name = ACER-C28991BD48 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 2/6/2012 8:45:47 PM | Computer Name = ACER-C28991BD48 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/6/2012 9:08:45 PM | Computer Name = ACER-C28991BD48 | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 2/6/2012 9:25:23 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/6/2012 10:34:16 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/6/2012 11:05:59 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/8/2012 8:55:34 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/8/2012 9:00:48 PM | Computer Name = ACER-C28991BD48 | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 2/8/2012 10:13:39 AM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 2/8/2012 10:21:05 AM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 2/8/2012 10:21:05 AM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7000
Description = The eLock2BurnerLockDriver service failed to start due to the following
error: %%2

Error - 2/8/2012 10:21:05 AM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7000
Description = The eLock2FSCTLDriver service failed to start due to the following
error: %%2

Error - 2/8/2012 10:21:05 AM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 2/8/2012 8:51:03 PM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 2/8/2012 8:51:03 PM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7000
Description = The eLock2BurnerLockDriver service failed to start due to the following
error: %%2

Error - 2/8/2012 8:51:03 PM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7000
Description = The eLock2FSCTLDriver service failed to start due to the following
error: %%2

Error - 2/8/2012 8:51:03 PM | Computer Name = ACER-C28991BD48 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 2/8/2012 9:00:47 PM | Computer Name = ACER-C28991BD48 | Source = Microsoft Antimalware | ID = 2001
Description =

< End of report >

Back to top

#4 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 09 February 2012 - 05:53 AM

Those are clean.

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Do NOT post JavaRa log.

===========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Back to top

#5 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 10 February 2012 - 08:17 AM

Hi Broni,

Here are the scan logs. The ESET scanner got some stuff and my wireless signal connection is again good! My wireless signal only comes on when I bring up / refresh a page; still, the computer portion of the wireless signal icon lights up sometimes as well... is that normal?

Security Check

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.5
SUPERAntiSpyware
Windows Defender
Secunia PSI (2.0.0.3003)
TuneUp Utilities 2007
Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Windows Defender MsMpEng.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

FSS

Farbar Service Scanner Version: 08-02-2012
Ran by Aaron (administrator) on 09-02-2012 at 22:09:47
Running from "C:\Documents and Settings\Aaron\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(7) IPSec(5) irda(3) NetBT(6) NwlnkIpx(10) NwlnkNb(11) PSched(8) Tcpip(4)
0x0C0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

ESET Scan

C:\Documents and Settings\Aaron\My Documents\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe probably a variant of Win32/Adware.DWTYODG application cleaned by deleting - quarantined
C:\Documents and Settings\Aaron\Desktop\Junk\Program Setups\UBCD4WinV360.exe.vir Win32/PrcView application deleted - quarantined
C:\Documents and Settings\Aaron\Desktop\Junk\Program Setups\PDFCreator-1_2_3_setup.exe multiple threats deleted - quarantined
C:\Documents and Settings\Aaron\Desktop\Junk\Program Setups\UBCD4WinV360.exe Win32/PrcView application deleted - quarantined
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Program Files\TuneUp Utilities 2012\keygen.exe a variant of Win32/Keygen.BU application cleaned by deleting - quarantined
C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP203\A0056007.exe probably a variant of Win32/Adware.DWTYODG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP215\A0062425.exe multiple threats deleted - quarantined
C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP215\A0062426.exe Win32/PrcView application deleted - quarantined
C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP215\A0062427.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{099D30DC-C26B-4E90-9285-C34D0601D32B}\RP215\A0062428.exe a variant of Win32/Keygen.BU application cleaned by deleting - quarantined

Back to top

#6 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 10 February 2012 - 03:34 PM

Quote

My wireless signal only comes on when I bring up / refresh a page; still, the computer portion of the wireless signal icon lights up sometimes as wel

I'm not sure what you're saying....

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

13. Please, let me know, how your computer is doing.

Back to top

#7 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 11 February 2012 - 12:57 AM

Thanks Broni!,

I will post the log here shortly. Also, when I booted this evening, I got the attached error messages. I thought the one may have been due to malware bytes so changed the service startup from automatic to manual. The next is Javascript related.

Attached Files

SC - Error Msgs.doc 267K 4 downloads

Back to top

#8 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 11 February 2012 - 01:01 AM

Disable jusched.exe as a startup: http://www.howtogeek...-is-it-running/

Back to top

#9 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 11 February 2012 - 01:17 AM

As far as the icon that I have concerns about, you can see the computer monitor part of the icon lit up in the attached doc. I know the wireless portion with the green parenthesis bracket is normal when accessing the net but I'm not sure on the computer monitor part... Is the light up monitor normal?

Here is the OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 2968 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Aaron
->Temp folder emptied: 434401 bytes
->Temporary Internet Files folder emptied: 15557376 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 29413460 bytes
->Flash cache emptied: 485 bytes

User: Aaron S
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30504 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 446464 bytes

Total Files Cleaned = 44.00 mb

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Aaron
->Flash cache emptied: 0 bytes

User: Aaron S

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Administrator

User: Aaron
->Java cache emptied: 0 bytes

User: Aaron S

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 02102012_195942

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Attached Files

SC - Wireless Sym.doc 231.5K 3 downloads

Back to top

#10 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 11 February 2012 - 01:25 AM

That kind of icon will look very different on different computers or even with different wireless adapter chip but I don't think you have anything to worry about.

Quote

13. Please, let me know, how your computer is doing.

Whenever ready....

Back to top

#11 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 11 February 2012 - 01:28 AM

Broni,

Here is another interesting screenshot of my scheduled tasks. I unchecked my auto update for Java as you suggested (I tried this when I first installed it but the update tab was not available) and then went to set up an auto update in scheduler as suggested by how to geek. I found a couple of tasks I don't recall ever setting up in there... the MP & User Feed tasks. Looks suspicious?...

Attached Files

SC - Scheduled Task suspicion.doc 87.5K 4 downloads

Back to top

#12 Aaron Re: [RESOLVED] Possible Malware Infection

Member

50 posts
Joined: October 05, 2011
3 topics
Age: 28
Local time: 05:30 PM

Zodiac:Aquarius
Gender:Male
Location:Fort Lauderdale, FL
OS:Windows XP
Country:

Offline

Time Online: 15h 51m 35s

Posted 11 February 2012 - 01:31 AM

Broni, on 11 February 2012 - 01:25 AM, said:

That kind of icon will look very different on different computers or even with different wireless adapter chip but I don't think you have anything to worry about.

Thanks, sounds good!

Whenever ready....

Computer seems to be working just fine now.

Back to top

#13 Broni Re: [RESOLVED] Possible Malware Infection

Malware Annihilator

24,883 posts
Joined: October 04, 2004
1,860 topics
Age: 57
Skin: IPBoard wide
Local time: 03:30 PM

Zodiac:Virgo
Gender:Male
Location:Daly City, CA
OS:Windows Vista
Country:

Online

Time Online: 57d 12h 19m 13s

Posted 11 February 2012 - 01:44 AM

Here are your tasks:

Quote

Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{B28F93DA-5DC2-40F3-B308-83679A11E00B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-12-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 11:51]
.
2012-02-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]

All safe.
I'd probably uninstall TuneUp Utilities 2007 as it most likely deals with registry.