Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post Browser & other programs running slo ...
Go to first new post Memory upgrade problems.
Go to first new post Computer Crime and Intellectual Property ...
Go to first new post Unable to turn on Windows Security Centr ...
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post Windows Update not working
Go to first new post only command prompt apears on boot
Go to first new post Please check my log...Computer running S ...
Go to first new post Browser shutdown
Go to first new post Possible Search Conduit Virus or Hijack
Go to first new post AxentraLog and FXSAPIDebugLogFile
Go to first new post Click live search redirect..........Help ...
Go to first new post Sudden failure of utilities
Go to first new post Trojan virus
Go to first new post Laptop is acting weird
Search Search
Search for:
Tech Support Guy Forums > > >

Solved: Computer booting slowly & suspicious behavior


(!)

Reply
Page 1 of 3 1 23
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
02-Jul-2012, 05:50 PM #1
Computer booting slowly & suspicious behavior
Ok, so until a couple of days back, all seemed pretty ok & then I felt the PC slowing down a bit, I didn't pay attention that time but in the morning it took ages to boot the PC, so I defragmented the drives, ran error-checks on disks, did a boot-scan with Avast, ran Malwarebytes & such, then there was an episode where all the text in all the windows was gone, be it Opera, Windows Explorer & so on, CPU running at full speed & everything, I tried to access Malwarebytes & got a message that system resources were insufficient (something like that), even Avast froze, I rebooted & ran Rkill, the only process it showed was Avast so I uninstalled it (re-installed now) & ran Malwarebytes (again), Spybot S&D, I already had Spywareblaster & Spyware Guard installed, then I downloaded, installed & scanned with Superantispyware, Panda AV, Sophos rootkit tool, Emsisoft Emergency Kit, a couple of them caught some stuff but they mostly seemed like false-positives because I could recognize most of them as gamebots but I deleted them anyway.

Anyways, so PC still seems to work, it's not slow while working but the boot still takes 5-10 minutes, previously it was probably a minute or two; may be there are viruses or rootkits sitting in there

Another thing I've noticed is that a CD icon has been appearing beside the pointer/cursor sometimes when waiting for something to happen, just like you know that hourglass appears beside the pointer/cursor; if I'm not mistaken, we get that CD icon while a CD is loading or something like that so I wonder why it has been appearing so frequently in the past couple of days despite the fact that I haven't been using any CDs

Very grateful for this forum & all the help being offered. Thanks



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:27 AM, on 7/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
D:\Soft\Sandboxie\New Folder\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
C:\WINDOWS\System32\svchost.exe
D:\Soft\Sandboxie\New Folder\SandboxieRpcSs.exe
D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
D:\Soft\Sandboxie\New Folder\SandboxieDcomLaunch.exe
D:\Soft\Opera\New Folder\opera.exe
C:\Documents and Settings\sachin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Soft\Spybot S & D\New Folder\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Soft\SuperAntiSpyware Free\New Folder\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with Mipony - file://D:\Soft\MP\New Folder\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Soft\Paltalk\New Folder\Paltalk.exe
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1265444050937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1265444034125
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - D:\Soft\Sandboxie\New Folder\SbieSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8982 bytes




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by sachin at 1:26:42 on 2012-07-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.346 [GMT 5.5:30]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
D:\Soft\Sandboxie\New Folder\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Soft\Sandboxie\New Folder\SandboxieRpcSs.exe
D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
D:\Soft\Sandboxie\New Folder\SandboxieDcomLaunch.exe
D:\Soft\Opera\New Folder\opera.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - d:\soft\keyscrambler\new folder\keyscrambler\KeyScramblerIE.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - d:\soft\spywareguard\new folder\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\soft\spybot~1\newfol~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [d:\soft\netmeter\new folder\netmeter\netmeter.exe] d:\soft\netmeter\new folder\netmeter\NetMeter.exe
uRun: [SpybotSD TeaTimer] d:\soft\spybot s & d\new folder\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] d:\soft\superantispyware free\new folder\SUPERAntiSpyware.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "d:\soft\comodo firewall\new folder\comodo\comodo internet security\cfp.exe" -h
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\sachin\startm~1\programs\startup\spywar~1.lnk - d:\soft\spywareguard\new folder\spywareguard\sgmain.exe
IE: Download with Mipony - file://d:\soft\mp\new folder\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: FVDIEPlugin Add Page - d:\soft\flashd~1\newfol~1\fvdiep~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - d:\soft\paltalk\new folder\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - d:\soft\keyscrambler\new folder\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\soft\spybot~1\newfol~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265444050937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265444034125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222} : NameServer = 156.154.70.22,156.154.71.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\soft\superantispyware free\new folder\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - d:\soft\spywareguard\new folder\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\soft\superantispyware free\new folder\SASSEH.DLL
mASetup: {0C0FC00D-7248-F10D-0103-060105070400} - c:\windows\system32\scvhost.exe
mASetup: {9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} - c:\windows\xplorer.exe ³―γΆμ²
mASetup: {ED794CAD-FE87-2D78-DA3B-220B92CC9877} - c:\windows\system32\win32\svchost.exe s
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sachin\application data\mozilla\firefox\profiles\2c7qxrgq.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: d:\soft\divx 7\new folder\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin2.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin3.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin4.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin5.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin6.dll
FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin7.dll
FF - plugin: d:\soft\realalternative 2.2\new folder\real alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\soft\realalternative 2.2\new folder\real alternative\browser\plugins\nprpjplug.dll
FF - plugin: d:\soft\vlc\new folder\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-2 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-2 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R1 SASDIFSV;SASDIFSV;d:\soft\superantispyware free\new folder\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\soft\superantispyware free\new folder\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;d:\soft\superantispyware free\new folder\SASCore.exe [2011-8-12 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-2 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-2 44808]
R2 cmdAgent;COMODO Internet Security Helper Service;d:\soft\comodo firewall\new folder\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-6-13 2560]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-11-18 225592]
R3 SbieDrv;SbieDrv;d:\soft\sandboxie\new folder\SbieDrv.sys [2011-10-12 131344]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-13 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-29 1691480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 135664]
S3 skbdrv;Encassa CoDefender;c:\windows\system32\drivers\skbdrv.sys --> c:\windows\system32\drivers\skbdrv.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-02 17:39:18 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-02 17:37:32 41224 ----a-w- c:\windows\avastSS.scr
2012-07-02 17:36:55 -------- d-----w- c:\program files\AVAST Software
2012-07-02 17:36:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-07-02 11:49:26 -------- d-----w- c:\documents and settings\sachin\local settings\application data\panda2_0dn
2012-07-02 11:12:55 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-07-02 09:21:05 -------- d-----w- c:\documents and settings\sachin\application data\Panda Security
2012-07-02 09:18:09 -------- d-----w- c:\program files\Panda Security
2012-07-02 09:16:43 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2012-07-02 07:56:40 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-07-02 05:55:01 -------- d-----w- c:\documents and settings\sachin\application data\SUPERAntiSpyware.com
2012-07-02 05:53:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-06-30 14:23:19 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-30 12:55:18 -------- d-----w- c:\windows\pss
2012-06-30 08:26:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-30 08:26:44 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-30 08:19:36 -------- d-----w- c:\windows\Paltalk Messenger
2012-06-14 05:17:35 -------- d-----w- c:\documents and settings\sachin\local settings\application data\APN
.
==================== Find3M ====================
.
2012-07-02 19:09:13 833 --sha-w- c:\windows\system32\mmf.sys
2012-06-02 09:49:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 09:49:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 09:49:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 09:49:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 09:49:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 09:48:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 09:48:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 09:48:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27:44 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 04:02:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 04:02:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:24:46 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-08 11:34:32 833 --sha-w- c:\windows\system32\mmf(2)(14).sys
2012-04-07 08:14:02 833 --sha-w- c:\windows\system32\mmf(2)(15).sys
2012-04-07 05:28:35 833 --sha-w- c:\windows\system32\mmf(3)(9).sys
2012-04-06 05:06:24 833 --sha-w- c:\windows\system32\mmf(4)(5).sys
2012-04-05 04:58:57 833 --sha-w- c:\windows\system32\mmf(3)(8).sys
2012-04-04 10:26:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 1:27:28.93 ===============





GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-03 02:18:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 SAMSUNG_SP0822N rev.WA100-34
Running: 7oqmz2h1.exe; Driver: C:\DOCUME~1\sachin\LOCALS~1\Temp\fwdcqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF27DF488]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF28887BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF27DFEA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF281FB81]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF27EACCC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF27EAD18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF27EAE9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF281F535]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF27EAC3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF27EAD5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF27EAC82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF27E0098]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF27EAE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF27E081C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF27DF4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF2820247]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF28204FD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF27E3E88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF28200B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF281FF1D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF288889E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF27DF13E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF27DF524]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF27E41FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF27E11E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF27EACF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF27EAD3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF27EAEBE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF281F891]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF27EAC60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF27E39FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF27EADDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF27EACAA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF27E3C30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF27EAE78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF2888A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF281FD98]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF27E10B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF281FBEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF27E0C5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF2894338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF281EBA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF27DF572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF27DF5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF27E069C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF27DF1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF27DF378]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF282034E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF27DF31E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF27E097E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF27E0ADA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF27DF3E8]
SSDT \??\D:\Soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF29EF640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF27E051C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF27DF60E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF27DFEE8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF28A0744]
Code F7EC0C9C ZwRequestPort
Code F7EC0D3C ZwRequestWaitReplyPort
Code F7EC0BFC ZwTraceEvent
Code F7EC0C9B NtRequestPort
Code F7EC0D3B NtRequestWaitReplyPort
Code F7EC0BFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 33A 804E4B94 4 Bytes JMP F0F281FB
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [72, F5, 7D, F2, C0, F5, 7D, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [7E, 09, 7E, F2, DA, 0A, 7E, ...]
.text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D24 4 Bytes [E8, FE, 7D, F2]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F289F0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9F4 7 Bytes JMP F28A0748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805DF6F6 5 Bytes JMP F289D61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\DOCUME~1\sachin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[220] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[220] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[292] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[396] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\runservice.exe[420] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\runservice.exe[420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\runservice.exe[420] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[504] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[664] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\PnkBstrA.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[784] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[884] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[884] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[896] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1500] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1604] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1704] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1936] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1996] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[2860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2860] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[3088] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3088] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
03-Jul-2012, 04:45 PM #2
Hiya and welcome to Tech Support Guy

P2P Warning!
  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    ΅Torrent

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

----------------------------
Now that's out of the way, lets get started

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply



--------------------

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply


eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
04-Jul-2012, 06:11 AM #3
Hi Eddie, nice meeting you

About P2P, I use it very rarely & always make sure that I'm not accidentally sharing any sensitive data, & open the ports only when needed, not otherwise. Thanks for helping out here



Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2011
avast! Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox 10.0.2 Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````





aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 15:03:57
-----------------------------
15:03:57.265 OS Version: Windows 5.1.2600 Service Pack 3
15:03:57.265 Number of processors: 2 586 0x409
15:03:57.265 ComputerName: CHANGEME UserName: sachin
15:04:03.171 Initialize success
15:04:06.234 AVAST engine defs: 12070301
15:04:46.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
15:04:46.609 Disk 0 Vendor: SAMSUNG_SP0822N WA100-34 Size: 76351MB BusType: 3
15:04:46.640 Disk 0 MBR read successfully
15:04:46.640 Disk 0 MBR scan
15:04:46.656 Disk 0 Windows XP default MBR code
15:04:46.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
15:04:46.734 Disk 0 Partition - 00 0F Extended LBA 56337 MB offset 40965750
15:04:46.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26340 MB offset 40965813
15:04:46.750 Disk 0 Partition - 00 05 Extended 29996 MB offset 94912020
15:04:46.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29996 MB offset 94912083
15:04:46.781 Disk 0 scanning sectors +156344580
15:04:46.828 Disk 0 scanning C:\WINDOWS\system32\drivers
15:04:57.609 Service scanning
15:05:12.359 Modules scanning
15:05:44.562 Disk 0 trace - called modules:
15:05:44.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:05:44.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86727ab8]
15:05:44.578 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> \Device\00000073[0x8674b9e8]
15:05:44.578 5 ACPI.sys[f781a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x86749d98]
15:05:44.890 AVAST engine scan C:\WINDOWS
15:05:50.531 AVAST engine scan C:\WINDOWS\system32
15:08:44.656 AVAST engine scan C:\WINDOWS\system32\drivers
15:08:57.625 AVAST engine scan C:\Documents and Settings\sachin
15:11:25.312 AVAST engine scan C:\Documents and Settings\All Users
15:12:38.453 Scan finished successfully
15:13:36.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sachin\Desktop\MBR.dat"
15:13:36.156 The log file has been saved successfully to "C:\Documents and Settings\sachin\Desktop\aswMBR.txt"





15:14:57.0078 2404 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:14:59.0078 2404 ============================================================
15:14:59.0078 2404 Current date / time: 2012/07/04 15:14:59.0078
15:14:59.0078 2404 SystemInfo:
15:14:59.0078 2404
15:14:59.0078 2404 OS Version: 5.1.2600 ServicePack: 3.0
15:14:59.0078 2404 Product type: Workstation
15:14:59.0078 2404 ComputerName: CHANGEME
15:14:59.0078 2404 UserName: sachin
15:14:59.0078 2404 Windows directory: C:\WINDOWS
15:14:59.0078 2404 System windows directory: C:\WINDOWS
15:14:59.0078 2404 Processor architecture: Intel x86
15:14:59.0078 2404 Number of processors: 2
15:14:59.0078 2404 Page size: 0x1000
15:14:59.0078 2404 Boot type: Normal boot
15:14:59.0078 2404 ============================================================
15:15:01.0406 2404 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:15:01.0406 2404 ============================================================
15:15:01.0406 2404 \Device\Harddisk0\DR0:
15:15:01.0406 2404 MBR partitions:
15:15:01.0406 2404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
15:15:01.0421 2404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x337275F
15:15:01.0453 2404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5A83E53, BlocksNum 0x3A962B1
15:15:01.0453 2404 ============================================================
15:15:01.0515 2404 C: <-> \Device\Harddisk0\DR0\Partition0
15:15:01.0609 2404 D: <-> \Device\Harddisk0\DR0\Partition1
15:15:02.0406 2404 E: <-> \Device\Harddisk0\DR0\Partition2
15:15:02.0421 2404 ============================================================
15:15:02.0421 2404 Initialize success
15:15:02.0421 2404 ============================================================
15:15:23.0984 3652 ============================================================
15:15:23.0984 3652 Scan started
15:15:23.0984 3652 Mode: Manual; SigCheck; TDLFS;
15:15:23.0984 3652 ============================================================
15:15:24.0859 3652 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
15:15:25.0093 3652 !SASCORE - ok
15:15:25.0265 3652 Aavmker4 (5803b5f166ee9865a3c763127dce02fd) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:15:25.0453 3652 Aavmker4 - ok
15:15:25.0468 3652 Abiosdsk - ok
15:15:25.0500 3652 abp480n5 - ok
15:15:25.0562 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:15:26.0437 3652 ACPI - ok
15:15:26.0484 3652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:15:26.0671 3652 ACPIEC - ok
15:15:26.0796 3652 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:15:26.0906 3652 AdobeFlashPlayerUpdateSvc - ok
15:15:26.0921 3652 adpu160m - ok
15:15:26.0968 3652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:15:27.0187 3652 aec - ok
15:15:27.0234 3652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:15:27.0328 3652 AFD - ok
15:15:27.0343 3652 Aha154x - ok
15:15:27.0359 3652 aic78u2 - ok
15:15:27.0390 3652 aic78xx - ok
15:15:27.0421 3652 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:15:27.0640 3652 Alerter - ok
15:15:27.0671 3652 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:15:27.0765 3652 ALG - ok
15:15:27.0781 3652 AliIde - ok
15:15:28.0015 3652 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
15:15:28.0234 3652 Ambfilt - ok
15:15:28.0312 3652 amsint - ok
15:15:28.0359 3652 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:15:28.0468 3652 AppMgmt - ok
15:15:28.0484 3652 asc - ok
15:15:28.0515 3652 asc3350p - ok
15:15:28.0531 3652 asc3550 - ok
15:15:28.0609 3652 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:15:28.0640 3652 aspnet_state - ok
15:15:28.0671 3652 aswFsBlk (5679eaf49f7e2a93ceadcf0aaf6fa3a3) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:15:28.0703 3652 aswFsBlk - ok
15:15:28.0734 3652 aswMon2 (61c194bc48521cb55be2763a33f77d44) C:\WINDOWS\system32\drivers\aswMon2.sys
15:15:28.0765 3652 aswMon2 - ok
15:15:28.0781 3652 AswRdr (b221d97841c02ae79ec5c56172724f5c) C:\WINDOWS\system32\drivers\AswRdr.sys
15:15:28.0812 3652 AswRdr - ok
15:15:28.0906 3652 aswSnx (1aee85af4b664ea9e22ebe41e8f96571) C:\WINDOWS\system32\drivers\aswSnx.sys
15:15:29.0000 3652 aswSnx - ok
15:15:29.0078 3652 aswSP (3c9d1aeb0fafa8493335503ebee9a301) C:\WINDOWS\system32\drivers\aswSP.sys
15:15:29.0140 3652 aswSP - ok
15:15:29.0156 3652 aswTdi (74f58f4adafaf50b9a09cb6e17b4ee49) C:\WINDOWS\system32\drivers\aswTdi.sys
15:15:29.0203 3652 aswTdi - ok
15:15:29.0234 3652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:15:29.0437 3652 AsyncMac - ok
15:15:29.0484 3652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:15:29.0703 3652 atapi - ok
15:15:29.0718 3652 Atdisk - ok
15:15:29.0781 3652 Ati HotKey Poller (60d2d92bd2390c50bce4106113f8b83b) C:\WINDOWS\system32\Ati2evxx.exe
15:15:29.0875 3652 Ati HotKey Poller - ok
15:15:29.0968 3652 ATI Smart (da05c02074349afe712042f52fec3436) C:\WINDOWS\system32\ati2sgag.exe
15:15:30.0046 3652 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
15:15:30.0046 3652 ATI Smart - detected UnsignedFile.Multi.Generic (1)
15:15:30.0218 3652 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:15:30.0390 3652 ati2mtag - ok
15:15:30.0437 3652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:15:30.0640 3652 Atmarpc - ok
15:15:30.0671 3652 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:15:30.0890 3652 AudioSrv - ok
15:15:30.0921 3652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:15:31.0140 3652 audstub - ok
15:15:31.0218 3652 avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:15:31.0250 3652 avast! Antivirus - ok
15:15:31.0281 3652 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
15:15:31.0312 3652 AVGIDSDriver - ok
15:15:31.0343 3652 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
15:15:31.0375 3652 AVGIDSEH - ok
15:15:31.0390 3652 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
15:15:31.0421 3652 AVGIDSFilter - ok
15:15:31.0437 3652 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
15:15:31.0484 3652 AVGIDSShim - ok
15:15:31.0531 3652 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:15:31.0562 3652 Avgldx86 - ok
15:15:31.0578 3652 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:15:31.0609 3652 Avgmfx86 - ok
15:15:31.0640 3652 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:15:31.0671 3652 Avgrkx86 - ok
15:15:31.0734 3652 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:15:31.0765 3652 Avgtdix - ok
15:15:31.0812 3652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:15:32.0031 3652 Beep - ok
15:15:32.0109 3652 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:15:32.0375 3652 BITS - ok
15:15:32.0421 3652 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:15:32.0656 3652 Browser - ok
15:15:32.0671 3652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:15:32.0890 3652 cbidf2k - ok
15:15:32.0906 3652 cd20xrnt - ok
15:15:32.0953 3652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:15:33.0156 3652 Cdaudio - ok
15:15:33.0203 3652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:15:33.0437 3652 Cdfs - ok
15:15:33.0468 3652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:15:33.0687 3652 Cdrom - ok
15:15:33.0703 3652 Changer - ok
15:15:33.0734 3652 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:15:33.0937 3652 CiSvc - ok
15:15:33.0968 3652 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:15:34.0171 3652 ClipSrv - ok
15:15:34.0234 3652 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:34.0265 3652 clr_optimization_v2.0.50727_32 - ok
15:15:34.0343 3652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:34.0375 3652 clr_optimization_v4.0.30319_32 - ok
15:15:34.0640 3652 cmdAgent (43f37e8f60f3677e84c6afc70c784afd) D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
15:15:34.0828 3652 cmdAgent - ok
15:15:34.0890 3652 cmdGuard (251f906328af49e7927a1ad12b543a2f) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
15:15:34.0937 3652 cmdGuard - ok
15:15:34.0953 3652 cmdHlp (207f06d08afcdd3bbc801eab1a845cfb) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
15:15:34.0984 3652 cmdHlp - ok
15:15:35.0000 3652 CmdIde - ok
15:15:35.0015 3652 COMSysApp - ok
15:15:35.0046 3652 Cpqarray - ok
15:15:35.0125 3652 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:15:35.0140 3652 cpudrv - ok
15:15:35.0187 3652 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:15:35.0390 3652 CryptSvc - ok
15:15:35.0406 3652 dac2w2k - ok
15:15:35.0421 3652 dac960nt - ok
15:15:35.0500 3652 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
15:15:35.0609 3652 DcomLaunch - ok
15:15:35.0656 3652 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:15:35.0875 3652 Dhcp - ok
15:15:35.0906 3652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:36.0125 3652 Disk - ok
15:15:36.0140 3652 dmadmin - ok
15:15:36.0265 3652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:15:36.0562 3652 dmboot - ok
15:15:36.0593 3652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:15:36.0812 3652 dmio - ok
15:15:36.0843 3652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:15:37.0062 3652 dmload - ok
15:15:37.0078 3652 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:15:37.0328 3652 dmserver - ok
15:15:37.0359 3652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:15:37.0593 3652 DMusic - ok
15:15:37.0625 3652 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:15:37.0703 3652 Dnscache - ok
15:15:37.0750 3652 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:15:37.0937 3652 Dot3svc - ok
15:15:37.0953 3652 dpti2o - ok
15:15:38.0000 3652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:38.0203 3652 drmkaud - ok
15:15:38.0234 3652 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:15:38.0437 3652 EapHost - ok
15:15:38.0453 3652 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:15:38.0687 3652 ERSvc - ok
15:15:38.0734 3652 Eventlog (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
15:15:38.0781 3652 Eventlog - ok
15:15:38.0828 3652 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:15:38.0890 3652 EventSystem - ok
15:15:38.0921 3652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:15:39.0125 3652 Fastfat - ok
15:15:39.0171 3652 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:15:39.0281 3652 FastUserSwitchingCompatibility - ok
15:15:39.0312 3652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:15:39.0546 3652 Fdc - ok
15:15:39.0562 3652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:15:39.0796 3652 Fips - ok
15:15:39.0828 3652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:15:40.0031 3652 Flpydisk - ok
15:15:40.0078 3652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:15:40.0296 3652 FltMgr - ok
15:15:40.0375 3652 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:15:40.0390 3652 FontCache3.0.0.0 - ok
15:15:40.0421 3652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:15:40.0640 3652 Fs_Rec - ok
15:15:40.0687 3652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:15:40.0906 3652 Ftdisk - ok
15:15:40.0953 3652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:15:41.0171 3652 Gpc - ok
15:15:41.0281 3652 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:41.0312 3652 gupdate - ok
15:15:41.0312 3652 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:15:41.0343 3652 gupdatem - ok
15:15:41.0390 3652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:15:41.0609 3652 HDAudBus - ok
15:15:41.0671 3652 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:15:41.0906 3652 helpsvc - ok
15:15:41.0921 3652 HidServ - ok
15:15:41.0953 3652 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:15:42.0171 3652 hkmsvc - ok
15:15:42.0171 3652 hpn - ok
15:15:42.0234 3652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:15:42.0296 3652 HTTP - ok
15:15:42.0328 3652 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:15:42.0578 3652 HTTPFilter - ok
15:15:42.0593 3652 i2omgmt - ok
15:15:42.0609 3652 i2omp - ok
15:15:42.0656 3652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:15:42.0875 3652 i8042prt - ok
15:15:43.0031 3652 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:15:43.0156 3652 idsvc - ok
15:15:43.0187 3652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:15:43.0406 3652 Imapi - ok
15:15:43.0453 3652 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:15:43.0656 3652 ImapiService - ok
15:15:43.0671 3652 ini910u - ok
15:15:43.0734 3652 Inspect (c9953067b2c9e3d3dd44ec22d1e0815a) C:\WINDOWS\system32\DRIVERS\inspect.sys
15:15:43.0765 3652 Inspect - ok
15:15:44.0515 3652 IntcAzAudAddService (eeb7cc255dd3358215c706f6b8c6dd7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:15:45.0171 3652 IntcAzAudAddService - ok
15:15:45.0250 3652 IntelIde - ok
15:15:45.0296 3652 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:15:45.0515 3652 intelppm - ok
15:15:45.0546 3652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:15:45.0765 3652 Ip6Fw - ok
15:15:45.0812 3652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:15:46.0031 3652 IpFilterDriver - ok
15:15:46.0062 3652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:15:46.0265 3652 IpInIp - ok
15:15:46.0296 3652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:15:46.0515 3652 IpNat - ok
15:15:46.0546 3652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:15:46.0781 3652 IPSec - ok
15:15:46.0812 3652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:15:46.0906 3652 IRENUM - ok
15:15:46.0953 3652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:15:47.0140 3652 isapnp - ok
15:15:47.0281 3652 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
15:15:47.0312 3652 JavaQuickStarterService - ok
15:15:47.0343 3652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:15:47.0578 3652 Kbdclass - ok
15:15:47.0640 3652 KeyScrambler (c719c729ce65aad98d550458220b6d15) C:\WINDOWS\system32\drivers\keyscrambler.sys
15:15:47.0687 3652 KeyScrambler - ok
15:15:47.0734 3652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:15:47.0937 3652 kmixer - ok
15:15:47.0984 3652 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
15:15:48.0062 3652 KSecDD - ok
15:15:48.0109 3652 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:15:48.0171 3652 LanmanServer - ok
15:15:48.0218 3652 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:15:48.0312 3652 lanmanworkstation - ok
15:15:48.0328 3652 lbrtfdc - ok
15:15:48.0375 3652 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
15:15:48.0703 3652 LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
15:15:48.0703 3652 LicCtrlService - detected UnsignedFile.Multi.Generic (1)
15:15:48.0750 3652 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:15:48.0953 3652 LmHosts - ok
15:15:48.0953 3652 mcdbus - ok
15:15:49.0000 3652 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:15:49.0234 3652 Messenger - ok
15:15:49.0296 3652 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:15:49.0328 3652 Microsoft Office Groove Audit Service - ok
15:15:49.0375 3652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:15:49.0593 3652 mnmdd - ok
15:15:49.0625 3652 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:15:49.0828 3652 mnmsrvc - ok
15:15:49.0859 3652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:15:50.0062 3652 Modem - ok
15:15:50.0250 3652 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
15:15:50.0421 3652 Monfilt - ok
15:15:50.0468 3652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:15:50.0687 3652 Mouclass - ok
15:15:50.0718 3652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:15:50.0953 3652 MountMgr - ok
15:15:50.0968 3652 mraid35x - ok
15:15:51.0015 3652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:15:51.0203 3652 MRxDAV - ok
15:15:51.0281 3652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:15:51.0375 3652 MRxSmb - ok
15:15:51.0406 3652 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:15:51.0625 3652 MSDTC - ok
15:15:51.0671 3652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:15:51.0921 3652 Msfs - ok
15:15:51.0921 3652 MSIServer - ok
15:15:51.0968 3652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:15:52.0140 3652 MSKSSRV - ok
15:15:52.0171 3652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:15:52.0375 3652 MSPCLOCK - ok
15:15:52.0390 3652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:15:52.0609 3652 MSPQM - ok
15:15:52.0656 3652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:15:52.0859 3652 mssmbios - ok
15:15:52.0906 3652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:15:52.0984 3652 Mup - ok
15:15:53.0046 3652 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:15:53.0250 3652 napagent - ok
15:15:53.0296 3652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:15:53.0531 3652 NDIS - ok
15:15:53.0562 3652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:15:53.0640 3652 NdisTapi - ok
15:15:53.0671 3652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:15:53.0906 3652 Ndisuio - ok
15:15:53.0937 3652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:15:54.0125 3652 NdisWan - ok
15:15:54.0171 3652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:15:54.0250 3652 NDProxy - ok
15:15:54.0281 3652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:15:54.0484 3652 NetBIOS - ok
15:15:54.0531 3652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:15:54.0750 3652 NetBT - ok
15:15:54.0781 3652 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:15:55.0015 3652 NetDDE - ok
15:15:55.0031 3652 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:15:55.0234 3652 NetDDEdsdm - ok
15:15:55.0281 3652 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:15:55.0500 3652 Netlogon - ok
15:15:55.0546 3652 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:15:55.0750 3652 Netman - ok
15:15:55.0828 3652 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:55.0859 3652 NetTcpPortSharing - ok
15:15:55.0921 3652 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:15:55.0984 3652 Nla - ok
15:15:56.0015 3652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:15:56.0203 3652 Npfs - ok
15:15:56.0296 3652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:15:56.0578 3652 Ntfs - ok
15:15:56.0593 3652 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:15:56.0812 3652 NtLmSsp - ok
15:15:56.0890 3652 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:15:57.0109 3652 NtmsSvc - ok
15:15:57.0140 3652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:15:57.0359 3652 Null - ok
15:15:57.0390 3652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:15:57.0578 3652 NwlnkFlt - ok
15:15:57.0609 3652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:15:57.0812 3652 NwlnkFwd - ok
15:15:57.0937 3652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:15:58.0015 3652 odserv - ok
15:15:58.0062 3652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:58.0093 3652 ose - ok
15:15:58.0125 3652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:15:58.0343 3652 Parport - ok
15:15:58.0359 3652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:15:58.0593 3652 PartMgr - ok
15:15:58.0640 3652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:15:58.0828 3652 ParVdm - ok
15:15:58.0859 3652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:15:59.0062 3652 PCI - ok
15:15:59.0078 3652 PCIDump - ok
15:15:59.0109 3652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:15:59.0312 3652 PCIIde - ok
15:15:59.0343 3652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:15:59.0578 3652 Pcmcia - ok
15:15:59.0593 3652 PDCOMP - ok
15:15:59.0609 3652 PDFRAME - ok
15:15:59.0625 3652 PDRELI - ok
15:15:59.0640 3652 PDRFRAME - ok
15:15:59.0671 3652 perc2 - ok
15:15:59.0687 3652 perc2hib - ok
15:15:59.0765 3652 PlugPlay (020ceaaedc8eb655b6506b8c70d53bb6) C:\WINDOWS\system32\services.exe
15:15:59.0796 3652 PlugPlay - ok
15:15:59.0843 3652 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
15:15:59.0875 3652 PnkBstrA - ok
15:15:59.0906 3652 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:16:00.0093 3652 PolicyAgent - ok
15:16:00.0125 3652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:00.0343 3652 PptpMiniport - ok
15:16:00.0359 3652 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:16:00.0578 3652 ProtectedStorage - ok
15:16:00.0593 3652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:16:00.0796 3652 PSched - ok
15:16:00.0828 3652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:01.0078 3652 Ptilink - ok
15:16:01.0109 3652 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:16:01.0140 3652 PxHelp20 - ok
15:16:01.0140 3652 ql1080 - ok
15:16:01.0171 3652 Ql10wnt - ok
15:16:01.0187 3652 ql12160 - ok
15:16:01.0203 3652 ql1240 - ok
15:16:01.0218 3652 ql1280 - ok
15:16:01.0250 3652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:01.0406 3652 RasAcd - ok
15:16:01.0453 3652 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:16:01.0656 3652 RasAuto - ok
15:16:01.0687 3652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:01.0906 3652 Rasl2tp - ok
15:16:01.0953 3652 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:16:02.0140 3652 RasMan - ok
15:16:02.0156 3652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:02.0375 3652 RasPppoe - ok
15:16:02.0406 3652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:02.0609 3652 Raspti - ok
15:16:02.0671 3652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:02.0859 3652 Rdbss - ok
15:16:02.0875 3652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:03.0125 3652 RDPCDD - ok
15:16:03.0187 3652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:03.0375 3652 rdpdr - ok
15:16:03.0437 3652 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:03.0531 3652 RDPWD - ok
15:16:03.0562 3652 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:16:03.0781 3652 RDSessMgr - ok
15:16:03.0828 3652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:16:04.0046 3652 redbook - ok
15:16:04.0078 3652 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:16:04.0281 3652 RemoteAccess - ok
15:16:04.0312 3652 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:16:04.0546 3652 RemoteRegistry - ok
15:16:04.0578 3652 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:16:04.0765 3652 RpcLocator - ok
15:16:04.0812 3652 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
15:16:04.0890 3652 RpcSs - ok
15:16:04.0937 3652 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:16:05.0187 3652 RSVP - ok
15:16:05.0234 3652 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
15:16:05.0375 3652 RTL8023xp - ok
15:16:05.0390 3652 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:16:05.0578 3652 rtl8139 - ok
15:16:05.0609 3652 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:16:05.0828 3652 SamSs - ok
15:16:05.0859 3652 SASDIFSV (39763504067962108505bff25f024345) D:\Soft\SuperAntiSpyware Free\New Folder\SASDIFSV.SYS
15:16:05.0875 3652 SASDIFSV - ok
15:16:05.0937 3652 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) D:\Soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS
15:16:06.0000 3652 SASKUTIL - ok
15:16:06.0078 3652 SbieDrv (1a62c808cda47b11005b77ee15e40483) D:\Soft\Sandboxie\New Folder\SbieDrv.sys
15:16:06.0109 3652 SbieDrv - ok
15:16:06.0140 3652 SbieSvc (bbc0a1a0ba299c595305316952b94d46) D:\Soft\Sandboxie\New Folder\SbieSvc.exe
15:16:06.0171 3652 SbieSvc - ok
15:16:06.0218 3652 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:16:06.0406 3652 SCardSvr - ok
15:16:06.0453 3652 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:16:06.0671 3652 Schedule - ok
15:16:06.0687 3652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:06.0781 3652 Secdrv - ok
15:16:06.0812 3652 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:16:07.0000 3652 seclogon - ok
15:16:07.0015 3652 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:16:07.0281 3652 SENS - ok
15:16:07.0296 3652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:16:07.0500 3652 serenum - ok
15:16:07.0531 3652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:16:07.0750 3652 Serial - ok
15:16:07.0812 3652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:16:08.0000 3652 Sfloppy - ok
15:16:08.0062 3652 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:16:08.0296 3652 SharedAccess - ok
15:16:08.0328 3652 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:16:08.0375 3652 ShellHWDetection - ok
15:16:08.0390 3652 Simbad - ok
15:16:08.0406 3652 skbdrv - ok
15:16:08.0437 3652 Sparrow - ok
15:16:08.0484 3652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:16:08.0703 3652 splitter - ok
15:16:08.0734 3652 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:16:08.0796 3652 Spooler - ok
15:16:08.0843 3652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:08.0953 3652 sr - ok
15:16:08.0984 3652 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:16:09.0078 3652 srservice - ok
15:16:09.0140 3652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:09.0234 3652 Srv - ok
15:16:09.0281 3652 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:16:09.0390 3652 SSDPSRV - ok
15:16:09.0453 3652 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:16:09.0640 3652 stisvc - ok
15:16:09.0671 3652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:16:09.0906 3652 swenum - ok
15:16:09.0953 3652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:16:10.0187 3652 swmidi - ok
15:16:10.0187 3652 SwPrv - ok
15:16:10.0218 3652 symc810 - ok
15:16:10.0234 3652 symc8xx - ok
15:16:10.0250 3652 sym_hi - ok
15:16:10.0265 3652 sym_u3 - ok
15:16:10.0312 3652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:16:10.0515 3652 sysaudio - ok
15:16:10.0562 3652 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:16:10.0765 3652 SysmonLog - ok
15:16:10.0796 3652 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
15:16:10.0828 3652 taphss - ok
15:16:10.0875 3652 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:16:11.0093 3652 TapiSrv - ok
15:16:11.0156 3652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:16:11.0234 3652 Tcpip - ok
15:16:11.0281 3652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:16:11.0500 3652 TDPIPE - ok
15:16:11.0515 3652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:16:11.0718 3652 TDTCP - ok
15:16:11.0750 3652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:16:11.0921 3652 TermDD - ok
15:16:11.0984 3652 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:16:12.0203 3652 TermService - ok
15:16:12.0218 3652 TfFsMon - ok
15:16:12.0234 3652 TfNetMon - ok
15:16:12.0250 3652 TfSysMon - ok
15:16:12.0296 3652 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:16:12.0343 3652 Themes - ok
15:16:12.0390 3652 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:16:12.0484 3652 TlntSvr - ok
15:16:12.0500 3652 TosIde - ok
15:16:12.0531 3652 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:16:12.0750 3652 TrkWks - ok
15:16:12.0781 3652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:16:13.0000 3652 Udfs - ok
15:16:13.0015 3652 ultra - ok
15:16:13.0093 3652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:16:13.0328 3652 Update - ok
15:16:13.0375 3652 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:16:13.0484 3652 upnphost - ok
15:16:13.0515 3652 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:16:13.0718 3652 UPS - ok
15:16:13.0765 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:16:13.0921 3652 usbehci - ok
15:16:13.0953 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:16:14.0156 3652 usbhub - ok
15:16:14.0187 3652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:16:14.0390 3652 usbohci - ok
15:16:14.0421 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:16:14.0640 3652 USBSTOR - ok
15:16:14.0687 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:16:14.0859 3652 VgaSave - ok
15:16:14.0875 3652 ViaIde - ok
15:16:14.0921 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:16:15.0171 3652 VolSnap - ok
15:16:15.0218 3652 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:16:15.0343 3652 VSS - ok
15:16:15.0390 3652 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:16:15.0593 3652 W32Time - ok
15:16:15.0625 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:16:15.0859 3652 Wanarp - ok
15:16:15.0984 3652 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:16:16.0062 3652 Wdf01000 - ok
15:16:16.0078 3652 WDICA - ok
15:16:16.0125 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:16:16.0328 3652 wdmaud - ok
15:16:16.0359 3652 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:16:16.0578 3652 WebClient - ok
15:16:16.0656 3652 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:16:16.0843 3652 winmgmt - ok
15:16:16.0906 3652 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:16:17.0000 3652 WmdmPmSN - ok
15:16:17.0093 3652 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
15:16:17.0203 3652 Wmi - ok
15:16:17.0265 3652 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:16:17.0468 3652 WmiApSrv - ok
15:16:17.0625 3652 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:16:17.0765 3652 WMPNetworkSvc - ok
15:16:17.0828 3652 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:16:17.0875 3652 WpdUsb - ok
15:16:18.0062 3652 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:16:18.0156 3652 WPFFontCache_v0400 - ok
15:16:18.0203 3652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:16:18.0390 3652 WS2IFSL - ok
15:16:18.0437 3652 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:16:18.0640 3652 wscsvc - ok
15:16:18.0671 3652 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:16:18.0906 3652 wuauserv - ok
15:16:18.0953 3652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:16:19.0015 3652 WudfPf - ok
15:16:19.0046 3652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:16:19.0093 3652 WudfRd - ok
15:16:19.0125 3652 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:16:19.0171 3652 WudfSvc - ok
15:16:19.0265 3652 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:16:19.0500 3652 WZCSVC - ok
15:16:19.0531 3652 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:16:19.0765 3652 xmlprov - ok
15:16:19.0906 3652 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:16:19.0984 3652 YahooAUService - ok
15:16:20.0031 3652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:16:20.0578 3652 \Device\Harddisk0\DR0 - ok
15:16:20.0578 3652 Boot (0x1200) (04f984d9cdf1dc835f5d18363656bc5f) \Device\Harddisk0\DR0\Partition0
15:16:20.0578 3652 \Device\Harddisk0\DR0\Partition0 - ok
15:16:20.0625 3652 Boot (0x1200) (d3727f0cd59520205c6c1c0ee1361e4c) \Device\Harddisk0\DR0\Partition1
15:16:20.0625 3652 \Device\Harddisk0\DR0\Partition1 - ok
15:16:20.0640 3652 Boot (0x1200) (a32971bf56aa47892367364b4bd0d077) \Device\Harddisk0\DR0\Partition2
15:16:20.0640 3652 \Device\Harddisk0\DR0\Partition2 - ok
15:16:20.0640 3652 ============================================================
15:16:20.0640 3652 Scan finished
15:16:20.0640 3652 ============================================================
15:16:20.0781 2680 Detected object count: 2
15:16:20.0781 2680 Actual detected object count: 2
15:17:01.0921 2680 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:01.0921 2680 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:17:01.0937 2680 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
15:17:01.0937 2680 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:18:28.0859 3356 Deinitialize success
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
04-Jul-2012, 02:07 PM #4
Okay, but as long as you don't use it whilst we're clearing the malware out, then that's fine

Now, you have two antivirus's running. Whilst it may seem a good idea for double the protection, this can slow systems down, and give conflicting results. I would advise you to get rid of one. I prefer Avast over AVG myself, but its entirely up to you.

Also, unless its the paid version of Spybot, I would remove this, as there are other programs that are more up to date (MBAM for example), and you do have SpywareBlaster/Guard running.

-------

Your Java is out of date, so lets get that sorted next:


Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.[/b]".
  • Click on the link to download Windows Offline Installation 32 bit ( jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")



After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:
  • Applications and Applets
  • Trace and Log Files
OK out of all the screens.

------

Plus, your Firefox needs updating. To do that, open Firefox as normal, then at the top in the menu's, select Help and then About Firefox. This will say its updating


------------

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
04-Jul-2012, 05:24 PM #5
I only have Avast installed but as you would likely know, AVG is quite clingy so even though it was uninstalled ages ago, some of its remnants are still on the system, that's why it is showing up in the logs.

I had Spybot mainly for its TeaTimer as additional active-protection but it has been uninstalled nonetheless.

New versions of Firefox & Java have been installed.





ComboFix 12-07-04.04 - sachin 07/05/2012 2:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.428 [GMT 5.5:30]
Running from: c:\documents and settings\sachin\Desktop\username123.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\00000001.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\sachin\My Documents\~WRL3991.tmp
c:\windows\system\WING32.DLL
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\win32
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 18:21 . 2012-07-04 18:21 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\Sun
2012-07-04 18:16 . 2012-07-04 18:16 -------- d--h--w- c:\windows\PIF
2012-07-04 15:38 . 2012-07-04 15:38 -------- d-----w- c:\program files\Common Files\Java
2012-07-04 15:37 . 2012-07-04 15:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-04 15:37 . 2012-07-04 15:36 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-04 14:59 . 2012-07-04 14:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-02 17:39 . 2012-06-28 12:52 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-02 17:39 . 2012-06-28 12:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-02 17:39 . 2012-06-28 12:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-02 17:39 . 2012-06-28 12:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-02 17:39 . 2012-06-28 12:52 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-02 17:39 . 2012-06-28 12:52 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-02 17:39 . 2012-06-28 12:52 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-02 17:39 . 2012-06-28 12:52 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-02 17:37 . 2012-06-28 12:52 41224 ----a-w- c:\windows\avastSS.scr
2012-07-02 17:37 . 2012-06-28 12:51 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-02 17:36 . 2012-07-02 17:36 -------- d-----w- c:\program files\AVAST Software
2012-07-02 17:36 . 2012-07-02 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-02 11:49 . 2012-07-02 11:49 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\panda2_0dn
2012-07-02 11:12 . 2012-07-02 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-02 10:39 . 2012-07-02 10:39 -------- d-----w- c:\documents and settings\Administrator
2012-07-02 09:21 . 2012-07-02 09:21 -------- d-----w- c:\documents and settings\sachin\Application Data\Panda Security
2012-07-02 09:18 . 2012-07-02 11:02 -------- d-----w- c:\program files\Panda Security
2012-07-02 09:16 . 2012-07-02 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2012-07-02 07:56 . 2012-07-02 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-07-02 05:55 . 2012-07-02 05:55 -------- d-----w- c:\documents and settings\sachin\Application Data\SUPERAntiSpyware.com
2012-07-02 05:53 . 2012-07-02 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-30 14:23 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-30 08:26 . 2012-06-30 08:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-30 08:19 . 2012-06-30 08:19 -------- d-----w- c:\windows\Paltalk Messenger
2012-06-30 05:29 . 2012-06-30 05:29 -------- d-----w- c:\documents and settings\sachin1\Local Settings\Application Data\Mozilla
2012-06-14 05:17 . 2012-06-14 05:17 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\APN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 15:36 . 2011-09-09 10:06 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 09:49 . 2008-04-14 12:00 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 09:49 . 2009-09-12 08:53 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 09:49 . 2009-09-12 08:53 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 09:49 . 2009-09-12 08:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 09:49 . 2008-04-14 12:00 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 09:49 . 2009-11-17 08:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 09:49 . 2009-09-12 08:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 09:49 . 2009-09-12 08:53 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 09:49 . 2008-11-09 20:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 09:49 . 2008-11-09 20:20 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 09:49 . 2008-04-14 12:00 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 09:49 . 2009-09-12 08:53 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 09:49 . 2009-09-12 08:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 09:48 . 2010-11-25 15:45 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 09:48 . 2010-11-25 15:45 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 09:48 . 2008-12-06 12:14 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2009-06-09 19:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27 . 2009-06-09 19:33 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 04:02 . 2012-05-13 04:02 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 04:02 . 2011-11-27 10:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-06-09 19:33 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:24 . 2009-06-09 19:32 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2009-02-06 10:30 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2009-09-12 08:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-06-28 12:51 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d:\soft\NetMeter\New Folder\NetMeter\NetMeter.exe"="d:\soft\NetMeter\New Folder\NetMeter\NetMeter.exe" [2007-08-11 331264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Internet Security"="d:\soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\sachin\Start Menu\Programs\Startup\
SpywareGuard.lnk - d:\soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\soft\SuperAntiSpyware Free\New Folder\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^sachin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\sachin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-13 15:35 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 00:37 69632 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 20:24 417792 ----a-w- d:\soft\QuickTime\New Folder\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-09-14 12:30 19576424 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2011-10-12 14:11 438544 ----a-w- d:\soft\Sandboxie\New Folder\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- d:\soft\Xvid\New Folder\CheckUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Soft\\Paltalk\\New Folder\\paltalk.exe"=
"d:\\Soft\\UTorrent\\New Folder\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Soft\\MT5\\New Folder\\metatester.exe"=
"d:\\Soft\\Opera\\New Folder\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Soft\\Opera\\New Folder\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"41111:TCP"= 41111:TCP:eMule_TCP
"42222:UDP"= 42222:UDP:eMule_UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/2/2012 11:09 PM 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/2/2012 11:09 PM 353688]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 297168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 29400]
R1 SASDIFSV;SASDIFSV;d:\soft\SuperAntiSpyware Free\New Folder\sasdifsv.sys [7/22/2011 9:57 PM 12880]
R1 SASKUTIL;SASKUTIL;d:\soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS [7/13/2011 3:25 AM 67664]
R2 !SASCORE;SAS Core Service;d:\soft\SuperAntiSpyware Free\New Folder\SASCore.exe [8/12/2011 5:08 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/2/2012 11:09 PM 21256]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/18/2011 4:43 PM 225592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:46 PM 135664]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [6/13/2010 2:51 PM 2560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/13/2012 9:32 AM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/29/2011 9:27 PM 1691480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:46 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/4/2012 8:29 PM 113120]
S3 skbdrv;Encassa CoDefender;c:\windows\system32\DRIVERS\skbdrv.sys --> c:\windows\system32\DRIVERS\skbdrv.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
.
2012-07-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 12:51]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:16]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
IE: Download with Mipony - file://d:\soft\MP\New Folder\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: FVDIEPlugin Add Page - d:\soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
TCP: Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\sachin\Application Data\Mozilla\Firefox\Profiles\qoz4grox.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM_ActiveSetup-{0C0FC00D-7248-F10D-0103-060105070400} - c:\windows\system32\scvhost.exe
HKLM_ActiveSetup-{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} - c:\windows\xplorer.exe
HKLM_ActiveSetup-{ED794CAD-FE87-2D78-DA3B-220B92CC9877} - c:\windows\system32\win32\svchost.exe
AddRemove-InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} - c:\program files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe
AddRemove-{55BABDA1-8A1C-49BB-83B1-7B57B3C81B31} - c:\program files\InstallShield Installation Information\{55BABDA1-8A1C-49BB-83B1-7B57B3C81B31}\setup.exe
AddRemove-{5A36F069-42F7-4EAF-9389-1AB34DC7EFE1} - c:\program files\InstallShield Installation Information\{5A36F069-42F7-4EAF-9389-1AB34DC7EFE1}\setup.exe
AddRemove-{494367EC-82A9-4C0D-A788-74A967998E8C} - c:\documents and settings\sachin\Local Settings\Application Data\{CC503FA3-32DE-442D-9DE2-0628DCA6E1F6}\TS2Install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-05 02:29
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]
"1"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,b0,17,3e,13,b8,98,f 9,
10,0a,f2,16,5c,a8,1c,4f,a3
"2"=hex:e7,27,cf,42,f4,44,fe,c6,d8,f2,16,d1,8e,4d,81,a5,c1,5f,93,ef,b5,cb,1 d,
04,36,ee,2f,8d,a7,5c,96,01
"3"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,7c,ee,b3,94,39,1d,b b,
5e,97,e6,9e,cf,eb,f2,94,ca,73,e6,d4,34,53,90,04,70,e8,7f,25,57,05,a4,49,dd, \
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]
"1"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,0 5,
d0,1a,47,b5,40,b3,3c,2a,70,56,10,ce,bb,de,cc,2b,9c
"2"=hex:be,2d,29,99,fc,30,0c,1b
"3"=hex:29,7b,b7,71,e8,34,fd,0e,17,20,80,b4,66,51,ab,05,18,e5,e9,94,ee,4a,d d,
c6,04,6a,40,dd,8a,66,e3,be,f6,6f,79,9d,9e,71,bb,e8,7a,e9,27,2a,4f,96,1e,7b, \
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,5 5,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae, \
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f 4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,3f,f3,42,c6,c3,65,0 2,
28,73,ee,9e,5f,dc,e9,7b,7f,2e,33,55,23,c0,bf,6f,0f,06,ce,de,e3,81,cf,0f,34, \
"8"=hex:58,09,79,bb,e0,33,eb,62,6e,93,f8,df,aa,24,d5,10,78,4b,d7,90,cd,1a,c 5,
ba,06,7c,c4,8e,ab,ad,11,2c,5e,75,3c,99,a3,a3,ca,86,f7,f4,5b,af,35,d2,4a,18
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:0f,1f,9e,11,ed,e3,a4,c9
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\guard32.dll
d:\soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\guard32.dll
.
Completion time: 2012-07-05 02:32:58
ComboFix-quarantined-files.txt 2012-07-04 21:02
.
Pre-Run: 7,261,249,536 bytes free
Post-Run: 7,787,352,064 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
.
- - End Of File - - BD2F0AD943C27B11C0AE49AB83AA555F
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
05-Jul-2012, 04:50 PM #6
Okay, for the AVG try this:

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.


---------------

Then, can you run this tool:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\Installer\*.*
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
runservice.exe
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
06-Jul-2012, 07:14 AM #7
Upon trying to download AppRemover, I realized that I already had it but downloaded it again & ran it but as expected, AVG didn't show up there; initial list showed Spywareblaster, Malwarebytes & Avast, additional list showed Avast, SuperAntiSpyware & Comodo.

Just as an update on the situation, since the morning, boot-times seem to have returned to par - taking about a minute or so but the system keeps acting up at regular intervals, regular episodes of missing text in open windows/programs, insufficient resources error-messages, unable to launch programs (at times some programs won't even close), then I have to reboot & everything seems to go back to normal........for a while that is.

I've been scanning with the security-programs in the hopes that new definitions might catch something useful but all in vain




OTL logfile created on: 7/6/2012 4:08:12 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\sachin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 617.59 Mb Available Physical Memory | 64.43% Memory free
1.97 Gb Paging File | 1.50 Gb Available in Paging File | 76.21% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.51 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
Drive D: | 25.72 Gb Total Space | 14.14 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 19.70 Gb Free Space | 67.25% Space Free | Partition Type: NTFS

Computer Name: CHANGEME | User Name: sachin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 15:32:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
PRC - [2012/07/04 21:06:48 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/03 21:51:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 21:51:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/12 19:41:24 | 000,438,544 | ---- | M] (SANDBOXIE L.T.D) -- D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
PRC - [2011/10/12 19:41:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- D:\Soft\Sandboxie\New Folder\SbieSvc.exe
PRC - [2011/08/12 05:08:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Soft\SuperAntiSpyware Free\New Folder\SASCore.exe
PRC - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/06 00:44:14 | 001,781,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070501\algo.dll
MOD - [2010/06/13 14:51:46 | 000,126,976 | ---- | M] () -- C:\WINDOWS\lcmmfu.cpl
MOD - [2010/06/13 14:51:37 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
MOD - [2009/08/16 20:36:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/04 21:06:48 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 21:51:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/15 03:50:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/13 09:32:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/12 19:41:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Soft\Sandboxie\New Folder\SbieSvc.exe -- (SbieSvc)
SRV - [2011/08/12 05:08:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\SASCore.exe -- (!SASCORE)
SRV - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\skbdrv.sys -- (skbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 21:51:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 21:51:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 21:51:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 21:51:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 21:51:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 21:51:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 21:51:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/10/12 19:41:20 | 000,131,344 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Soft\Sandboxie\New Folder\SbieDrv.sys -- (SbieDrv)
DRV - [2011/09/14 19:28:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/30 09:38:16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011/06/30 09:38:14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09:38:14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/25 05:10:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/14 18:00:32 | 006,143,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/14 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2005/08/31 11:12:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes,DefaultScope = {741D0FA0-C629-4D31-94DB-70D17669409A}
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{741D0FA0-C629-4D31-94DB-70D17669409A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{89EE36E5-5532-4949-ACD7-E042B38ED4D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Soft\DivX 7\New Folder\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Soft\RealAlternative 2.2\New Folder\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Soft\RealAlternative 2.2\New Folder\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: D:\Soft\VLC\New Folder\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/06 09:37:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Soft\Firefox\New Folder\components [2012/07/04 20:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Soft\Firefox\New Folder\plugins
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@interne tdownloadmanager.com: C:\Documents and Settings\sachin\Application Data\IDM\idmmzcc3

[2012/07/04 20:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sachin\Application Data\Mozilla\Extensions
[2012/07/05 20:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sachin\Application Data\Mozilla\Firefox\Profiles\qoz4grox.default\extensions

O1 HOSTS File: ([2012/07/05 02:29:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe ()
O4 - Startup: C:\Documents and Settings\sachin\Start Menu\Programs\Startup\SpywareGuard.lnk = D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - D:\Soft\MP\New Folder\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM File not found
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Soft\Paltalk\New Folder\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/micr...?1265444050937 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1265444034125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL) - D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\sachin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sachin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Soft\SuperAntiSpyware Free\New Folder\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/10 20:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

MsConfig - StartUpFolder: C:^Documents and Settings^sachin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Soft\QuickTime\New Folder\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Soft\Sandboxie\New Folder\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: Xvid - hkey= - key= - D:\Soft\Xvid\New Folder\CheckUpdate.exe ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 15:31:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
[2012/07/06 10:54:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sachin\Recent
[2012/07/06 09:43:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/05 02:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/05 02:20:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/05 02:14:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/05 02:14:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/05 02:14:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/05 02:14:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/05 02:14:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/05 02:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/05 01:25:10 | 004,571,247 | R--- | C] (Swearware) -- C:\Documents and Settings\sachin\Desktop\username123.exe
[2012/07/04 23:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\Sun
[2012/07/04 23:46:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/07/04 21:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/04 20:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\Mozilla
[2012/07/04 20:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/04 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/04 15:00:38 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sachin\Desktop\tdsskiller.exe
[2012/07/04 11:59:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\sachin\Desktop\aswMBR.exe
[2012/07/03 23:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/07/02 23:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/07/02 23:09:23 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/02 23:09:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/02 23:09:20 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/02 23:09:19 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/02 23:09:18 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/02 23:09:18 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/02 23:09:18 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/02 23:09:17 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/02 23:07:32 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/02 23:07:30 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/02 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/02 23:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/07/02 17:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\panda2_0dn
[2012/07/02 17:08:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\sachin\Desktop\HijackThis.exe
[2012/07/02 16:52:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\sachin\Desktop\dds.scr
[2012/07/02 16:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/07/02 16:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Start Menu\Programs\Sophos
[2012/07/02 14:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\Panda Security
[2012/07/02 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/07/02 14:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/07/02 13:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/07/02 11:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\SUPERAntiSpyware.com
[2012/07/02 11:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/02 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/30 18:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/30 13:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Paltalk Messenger
[2012/06/30 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Start Menu\Programs\Paltalk Messenger
[2012/06/14 10:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\APN
[2012/06/12 13:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HotForex MetaTrader

========== Files - Modified Within 30 Days ==========

[2012/07/06 16:00:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 15:49:24 | 000,059,684 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\AR.JPG
[2012/07/06 15:48:10 | 001,157,346 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\AR.bmp
[2012/07/06 15:32:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
[2012/07/06 11:59:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 10:58:05 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/06 10:56:47 | 000,000,833 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/07/06 10:56:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/06 09:37:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/05 02:29:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/05 02:20:11 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/07/05 01:42:25 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/05 01:26:20 | 004,571,247 | R--- | M] (Swearware) -- C:\Documents and Settings\sachin\Desktop\username123.exe
[2012/07/04 23:47:30 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\Shortcut to rkill.pif
[2012/07/04 20:29:41 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/04 15:14:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/04 15:13:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\MBR.dat
[2012/07/04 15:03:31 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sachin\Desktop\tdsskiller.exe
[2012/07/04 12:26:21 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/04 12:01:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\sachin\Desktop\aswMBR.exe
[2012/07/04 11:53:51 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\SecurityCheck.exe
[2012/07/04 00:43:46 | 000,001,436 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/07/03 23:22:48 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/07/03 21:51:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 21:51:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 21:51:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 21:51:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 21:51:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 21:51:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 21:51:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 21:51:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 21:51:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 21:51:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/07/02 23:09:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/02 21:00:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/02 17:09:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe
[2012/07/02 17:09:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\sachin\Desktop\HijackThis.exe
[2012/07/02 16:53:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\sachin\Desktop\dds.scr
[2012/07/02 16:28:47 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/07/02 13:05:26 | 000,001,214 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/02 11:23:12 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/01 17:09:37 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera 12.00 1467.lnk
[2012/06/30 20:37:54 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/30 20:30:57 | 000,664,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/30 20:30:57 | 000,139,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/30 14:02:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/29 12:54:04 | 000,003,924 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.ex4
[2012/06/29 12:41:46 | 000,002,777 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.mq4
[2012/06/12 13:21:39 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HotForex MetaTrader.lnk

========== Files Created - No Company Name ==========

[2012/07/06 15:49:24 | 000,059,684 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\AR.JPG
[2012/07/06 15:48:10 | 001,157,346 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\AR.bmp
[2012/07/05 02:20:11 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/07/05 02:20:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/05 02:14:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/05 02:14:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/05 02:14:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/05 02:14:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/05 02:14:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/04 23:47:30 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\Shortcut to rkill.pif
[2012/07/04 20:29:41 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/04 20:29:41 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/04 15:13:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\MBR.dat
[2012/07/04 11:51:41 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\SecurityCheck.exe
[2012/07/03 23:25:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/07/03 23:25:27 | 000,001,436 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/07/03 00:45:40 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/02 23:09:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/07/02 17:09:26 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe
[2012/07/02 16:42:09 | 000,002,405 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/02 16:28:46 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/07/02 11:23:12 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/01 17:09:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera 12.00 1467.lnk
[2012/07/01 17:09:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera 12.00 1467.lnk
[2012/06/29 12:49:27 | 000,003,924 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.ex4
[2012/06/29 12:41:46 | 000,002,777 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.mq4
[2012/06/12 13:21:39 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HotForex MetaTrader.lnk
[2012/05/14 19:39:39 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/05/14 19:39:38 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/16 23:29:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/02 09:40:30 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\WebpageIcons.db
[2011/10/01 18:18:13 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/09/29 22:28:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011/09/25 09:27:03 | 000,001,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(6).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(5).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(9).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(8).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(7).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(6).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(9).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(15).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(14).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(13).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(12).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(11).sys
[2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(10).sys
[2011/04/12 18:02:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/08 00:47:34 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(8).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(4).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(4).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(2).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(5).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(4).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(5).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(3).sys
[2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(3).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(3).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(3).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(7).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(6).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(4).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(2).sys
[2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
[2010/07/15 17:31:08 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/12 13:13:05 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/07/02 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/11/30 15:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2012/07/02 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/26 11:12:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/02 16:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2011/10/01 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/27 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetaQuotes
[2011/05/13 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/07/02 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/09/16 17:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2012/07/02 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/07/06 15:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/02 13:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2009/09/13 10:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/06/13 14:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Childish Things
[2011/09/02 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\DMCache
[2009/11/21 19:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\eSobi
[2011/10/27 15:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\FVDIEPlugin
[2011/11/18 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\IObit
[2011/11/27 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\LimeWire
[2012/04/09 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\MetaQuotes
[2011/07/24 19:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Mipony
[2011/05/13 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Nitro PDF
[2012/07/01 17:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Opera
[2009/10/20 16:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Paltalk
[2012/07/02 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Panda Security
[2010/12/25 23:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\ProgSense
[2011/09/16 17:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\QFX Software
[2011/10/19 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\SystemRequirementsLab
[2009/12/22 22:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\TeamViewer
[2012/07/02 16:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\uTorrent
[2012/07/06 10:58:05 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/07/05 02:20:11 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2012/07/04 21:08:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012/07/02 16:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011/09/22 15:15:25 | 000,000,000 | ---D | M] -- C:\Downloads
[2009/09/17 00:10:02 | 000,000,000 | ---D | M] -- C:\Dů
[2012/07/02 11:40:52 | 000,000,000 | ---D | M] -- C:\Extracted
[2011/10/19 11:29:08 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2009/09/12 15:12:50 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/07/04 20:29:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/05 02:33:02 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/07/06 09:43:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/09/30 22:12:27 | 000,000,000 | R--D | M] -- C:\Sandbox
[2011/10/29 21:26:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/02 14:46:26 | 000,000,000 | ---D | M] -- C:\temp
[2011/10/30 19:38:02 | 000,000,000 | ---D | M] -- C:\TempEI4
[2012/07/06 15:44:30 | 000,000,000 | ---D | M] -- C:\WINDOWS

< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA

< %windir%\Installer\*.* >
[2011/10/19 08:59:09 | 000,031,232 | ---- | M] () -- C:\WINDOWS\Installer\108b03.msi
[2011/03/29 13:52:01 | 000,005,120 | ---- | M] () -- C:\WINDOWS\Installer\1096378.ipi
[2011/01/11 17:53:56 | 001,763,328 | ---- | M] () -- C:\WINDOWS\Installer\10d65b2.msp
[2009/09/12 15:19:34 | 000,061,952 | ---- | M] () -- C:\WINDOWS\Installer\10d65b3.mst
[2011/02/16 13:54:08 | 004,992,000 | R--- | M] () -- C:\WINDOWS\Installer\10d65cd.msp
[2010/09/24 15:35:07 | 012,126,208 | ---- | M] () -- C:\WINDOWS\Installer\123efc0.msi
[2012/04/10 10:45:12 | 001,160,192 | ---- | M] () -- C:\WINDOWS\Installer\124051.msi
[2011/06/16 15:14:16 | 000,467,456 | ---- | M] () -- C:\WINDOWS\Installer\130d9ff.msi
[2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\WINDOWS\Installer\130da16.msp
[2011/06/16 15:16:44 | 000,223,744 | ---- | M] () -- C:\WINDOWS\Installer\130da1f.msi
[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\WINDOWS\Installer\130da36.msp
[2011/04/29 12:31:46 | 009,006,080 | R--- | M] () -- C:\WINDOWS\Installer\130da4e.msp
[2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\WINDOWS\Installer\130da65.msp
[2010/02/04 17:24:30 | 009,122,304 | R--- | M] () -- C:\WINDOWS\Installer\134e144.msp
[2010/02/21 01:00:02 | 008,480,768 | R--- | M] () -- C:\WINDOWS\Installer\134e15c.msp
[2010/03/22 16:03:14 | 011,732,992 | R--- | M] () -- C:\WINDOWS\Installer\134e174.msp
[2010/03/11 23:59:18 | 005,031,424 | R--- | M] () -- C:\WINDOWS\Installer\134e18c.msp
[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\WINDOWS\Installer\134e1aa.msp
[2010/02/21 01:02:24 | 004,195,840 | R--- | M] () -- C:\WINDOWS\Installer\134e1c2.msp
[2012/07/02 16:42:09 | 000,693,248 | ---- | M] () -- C:\WINDOWS\Installer\13cdb6.msi
[2010/12/28 18:27:43 | 001,572,352 | ---- | M] () -- C:\WINDOWS\Installer\161a4c6.msi
[2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\WINDOWS\Installer\16beafd.msp
[2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\16beb15.msp
[2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\WINDOWS\Installer\16beb31.msp
[2010/12/21 13:06:38 | 011,570,688 | R--- | M] () -- C:\WINDOWS\Installer\195111.msp
[2010/12/17 00:17:02 | 003,362,304 | R--- | M] () -- C:\WINDOWS\Installer\195129.msp
[2011/03/10 17:53:31 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\1c5fafe.msi
[2010/08/04 16:51:39 | 003,443,712 | ---- | M] () -- C:\WINDOWS\Installer\1c9289d.msi
[2011/03/12 17:17:16 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\1cd8068.msi
[2010/08/04 17:05:15 | 000,088,576 | ---- | M] () -- C:\WINDOWS\Installer\1d33a56.msi
[2008/07/29 17:31:06 | 006,083,072 | R--- | M] () -- C:\WINDOWS\Installer\1d33a57.msp
[2008/07/29 17:37:12 | 000,911,360 | R--- | M] () -- C:\WINDOWS\Installer\1d33a58.msp
[2008/07/29 17:33:08 | 000,506,368 | R--- | M] () -- C:\WINDOWS\Installer\1d33a59.msp
[2008/07/29 17:43:22 | 001,013,248 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5a.msp
[2008/07/29 17:35:10 | 000,553,472 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5b.msp
[2008/07/29 17:39:14 | 003,403,264 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5c.msp
[2008/07/29 17:41:16 | 006,487,040 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5d.msp
[2008/07/29 17:29:04 | 002,926,080 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5e.msp
[2008/07/29 17:45:28 | 002,543,616 | R--- | M] () -- C:\WINDOWS\Installer\1d33a5f.msp
[2010/07/24 18:27:30 | 000,228,352 | ---- | M] () -- C:\WINDOWS\Installer\1d35385.msi
[2010/08/04 17:08:13 | 000,137,728 | ---- | M] () -- C:\WINDOWS\Installer\1d882e4.msi
[2008/07/29 21:07:20 | 000,023,040 | R--- | M] () -- C:\WINDOWS\Installer\1d882e5.msp
[2008/07/29 19:18:48 | 003,376,640 | R--- | M] () -- C:\WINDOWS\Installer\1d882e6.msp
[2008/07/29 20:22:42 | 004,137,984 | R--- | M] () -- C:\WINDOWS\Installer\1d882e7.msp
[2008/07/29 19:34:28 | 001,448,448 | R--- | M] () -- C:\WINDOWS\Installer\1d882e8.msp
[2008/07/29 21:15:12 | 003,697,664 | R--- | M] () -- C:\WINDOWS\Installer\1d882e9.msp
[2008/07/29 19:40:38 | 000,291,840 | R--- | M] () -- C:\WINDOWS\Installer\1d882ea.msp
[2008/07/29 20:37:56 | 002,679,808 | R--- | M] () -- C:\WINDOWS\Installer\1d882eb.msp
[2008/07/29 21:28:10 | 000,278,016 | R--- | M] () -- C:\WINDOWS\Installer\1d882ec.msp
[2008/07/29 19:26:26 | 001,043,456 | R--- | M] () -- C:\WINDOWS\Installer\1d882ed.msp
[2008/07/29 21:23:12 | 000,250,880 | R--- | M] () -- C:\WINDOWS\Installer\1d882ee.msp
[2010/08/04 17:09:49 | 000,648,192 | ---- | M] () -- C:\WINDOWS\Installer\1da901f.msi
[2008/12/13 09:57:24 | 008,397,824 | R--- | M] () -- C:\WINDOWS\Installer\1da902f.msp
[2011/03/08 18:14:23 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\1e2ce05.msi
[2011/07/14 10:40:30 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\1e3235.msi
[2011/04/14 18:22:32 | 003,446,272 | ---- | M] () -- C:\WINDOWS\Installer\1f17527.msi
[2010/08/04 20:35:56 | 019,210,240 | R--- | M] () -- C:\WINDOWS\Installer\1f60a0.msp
[2009/03/20 11:48:56 | 000,183,808 | R--- | M] () -- C:\WINDOWS\Installer\1f60ab.msp
[2010/08/04 20:39:43 | 000,195,584 | ---- | M] () -- C:\WINDOWS\Installer\1f60b3.msi
[2009/08/14 20:32:40 | 011,110,912 | R--- | M] () -- C:\WINDOWS\Installer\1f60bd.msp
[2010/04/11 22:17:10 | 004,210,688 | R--- | M] () -- C:\WINDOWS\Installer\1f60ca.msp
[2010/04/11 22:17:08 | 002,607,104 | R--- | M] () -- C:\WINDOWS\Installer\1f60cb.msp
[2010/04/11 22:17:12 | 014,599,680 | R--- | M] () -- C:\WINDOWS\Installer\1f60db.msp
[2010/02/25 00:14:38 | 000,543,232 | R--- | M] () -- C:\WINDOWS\Installer\1f60e4.msp
[2010/05/20 19:58:28 | 012,114,432 | R--- | M] () -- C:\WINDOWS\Installer\1f6104.msp
[2010/06/11 11:03:22 | 005,021,184 | R--- | M] () -- C:\WINDOWS\Installer\1f611c.msp
[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\WINDOWS\Installer\1f613c.msp
[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\WINDOWS\Installer\1f613d.msp
[2009/11/09 00:25:26 | 001,935,360 | R--- | M] () -- C:\WINDOWS\Installer\1f615a.msp
[2010/03/31 01:23:04 | 015,638,528 | R--- | M] () -- C:\WINDOWS\Installer\1f6168.msp
[2011/03/11 18:41:29 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\2100641.msi
[2011/03/09 19:03:18 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\213e98e.msi
[2011/03/31 11:34:38 | 000,005,632 | ---- | M] () -- C:\WINDOWS\Installer\21a972.ipi
[2009/09/12 14:32:16 | 000,264,704 | ---- | M] () -- C:\WINDOWS\Installer\223ef.msi
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\WINDOWS\Installer\22f0612.msp
[2011/11/11 16:15:00 | 001,795,584 | R--- | M] () -- C:\WINDOWS\Installer\22f062a.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\WINDOWS\Installer\22f0642.msp
[2011/11/01 13:34:58 | 004,225,536 | R--- | M] () -- C:\WINDOWS\Installer\22f065f.msp
[2011/11/11 16:14:40 | 009,096,192 | R--- | M] () -- C:\WINDOWS\Installer\22f0677.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\WINDOWS\Installer\22f068f.msp
[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\WINDOWS\Installer\22f06a7.msp
[2012/03/25 21:04:50 | 000,005,120 | ---- | M] () -- C:\WINDOWS\Installer\22f19e7.ipi
[2010/01/14 21:26:08 | 005,027,840 | R--- | M] () -- C:\WINDOWS\Installer\231171.msp
[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\WINDOWS\Installer\235e68.msp
[2010/05/18 23:35:24 | 005,023,744 | R--- | M] () -- C:\WINDOWS\Installer\235e80.msp
[2010/04/24 17:05:14 | 004,199,424 | R--- | M] () -- C:\WINDOWS\Installer\235e98.msp
[2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\WINDOWS\Installer\235eb0.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\WINDOWS\Installer\235ecd.msp
[2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\WINDOWS\Installer\235ece.msp
[2010/04/24 17:08:48 | 009,129,984 | R--- | M] () -- C:\WINDOWS\Installer\235ee7.msp
[2010/04/24 17:09:46 | 011,750,912 | R--- | M] () -- C:\WINDOWS\Installer\235eff.msp
[2010/04/24 17:07:04 | 010,118,144 | R--- | M] () -- C:\WINDOWS\Installer\235f18.msp
[2010/04/24 17:10:46 | 008,486,400 | R--- | M] () -- C:\WINDOWS\Installer\235f30.msp
[2010/11/26 10:57:41 | 000,219,648 | ---- | M] () -- C:\WINDOWS\Installer\238f2a.msi
[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\WINDOWS\Installer\25f1d2a.msp
[2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\WINDOWS\Installer\25f1d49.msp
[2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\WINDOWS\Installer\25f1d61.msp
[2011/07/21 12:34:34 | 003,456,000 | R--- | M] () -- C:\WINDOWS\Installer\25f1d6e.msp
[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\WINDOWS\Installer\25f1d85.msp
[2011/08/24 06:37:22 | 004,985,856 | R--- | M] () -- C:\WINDOWS\Installer\25f1d9d.msp
[2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\WINDOWS\Installer\25f1db6.msp
[2011/09/06 21:46:22 | 009,006,080 | R--- | M] () -- C:\WINDOWS\Installer\25f1dce.msp
[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\WINDOWS\Installer\25f1de6.msp
[2012/02/17 08:45:24 | 002,299,392 | R--- | M] () -- C:\WINDOWS\Installer\2621175.msp
[2012/04/28 21:43:58 | 008,459,264 | R--- | M] () -- C:\WINDOWS\Installer\262118d.msp
[2012/03/15 02:24:28 | 001,795,584 | R--- | M] () -- C:\WINDOWS\Installer\26211a5.msp
[2011/12/15 13:40:40 | 023,374,336 | R--- | M] () -- C:\WINDOWS\Installer\26211bb.msp
[2012/04/06 03:13:32 | 016,527,872 | R--- | M] () -- C:\WINDOWS\Installer\26211c8.msp
[2012/04/04 22:38:16 | 003,620,864 | R--- | M] () -- C:\WINDOWS\Installer\26211e0.msp
[2012/04/30 14:38:28 | 005,011,456 | R--- | M] () -- C:\WINDOWS\Installer\26211f8.msp
[2012/04/28 21:44:02 | 009,586,176 | R--- | M] () -- C:\WINDOWS\Installer\2621211.msp
[2012/01/19 13:37:24 | 008,999,936 | R--- | M] () -- C:\WINDOWS\Installer\262121d.msp
[2012/01/04 02:25:14 | 017,751,552 | R--- | M] () -- C:\WINDOWS\Installer\262122b.msp
[2011/12/22 16:50:54 | 000,256,000 | R--- | M] () -- C:\WINDOWS\Installer\2621234.msp
[2012/04/06 02:12:34 | 015,709,696 | R--- | M] () -- C:\WINDOWS\Installer\262123d.msp
[2012/04/28 21:44:02 | 009,101,824 | R--- | M] () -- C:\WINDOWS\Installer\2621255.msp
[2012/04/04 22:38:44 | 002,831,360 | R--- | M] () -- C:\WINDOWS\Installer\262126d.msp
[2011/12/26 09:59:58 | 004,368,896 | R--- | M] () -- C:\WINDOWS\Installer\26f08dd.msp
[2011/12/26 09:02:58 | 019,677,184 | R--- | M] () -- C:\WINDOWS\Installer\26f08f8.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\WINDOWS\Installer\26f0900.msp
[2009/09/12 15:13:32 | 002,397,184 | ---- | M] () -- C:\WINDOWS\Installer\279ac1.msi
[2009/09/12 15:13:40 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\279ac8.msi
[2009/09/12 15:13:47 | 001,713,152 | ---- | M] () -- C:\WINDOWS\Installer\279acf.msi
[2009/09/12 15:13:55 | 002,022,912 | ---- | M] () -- C:\WINDOWS\Installer\279ad6.msi
[2009/09/12 15:14:20 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\279add.msi
[2009/09/12 15:14:28 | 000,048,128 | ---- | M] () -- C:\WINDOWS\Installer\279ae7.msi
[2009/09/12 15:14:35 | 001,647,616 | ---- | M] () -- C:\WINDOWS\Installer\279aee.msi
[2009/09/12 15:14:40 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\279af5.msi
[2009/09/12 15:14:48 | 002,319,872 | ---- | M] () -- C:\WINDOWS\Installer\279afc.msi
[2009/09/12 15:14:59 | 000,513,024 | ---- | M] () -- C:\WINDOWS\Installer\279b03.msi
[2009/09/12 15:15:13 | 000,516,608 | ---- | M] () -- C:\WINDOWS\Installer\279b0b.msi
[2009/09/12 15:16:13 | 000,506,880 | ---- | M] () -- C:\WINDOWS\Installer\279b13.msi
[2009/09/12 15:16:19 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\279b1a.msi
[2009/09/12 15:16:29 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\279b21.msi
[2009/09/12 15:16:37 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\279b28.msi
[2009/09/12 15:16:49 | 001,652,736 | ---- | M] () -- C:\WINDOWS\Installer\279b2f.msi
[2009/09/12 15:16:52 | 000,501,248 | ---- | M] () -- C:\WINDOWS\Installer\279b36.msi
[2009/09/12 15:16:58 | 001,640,960 | ---- | M] () -- C:\WINDOWS\Installer\279b3d.msi
[2009/09/12 15:19:31 | 018,181,632 | ---- | M] () -- C:\WINDOWS\Installer\279b4b.msi
[2007/04/12 20:41:48 | 004,582,912 | R--- | M] () -- C:\WINDOWS\Installer\279b4c.msp
[2009/09/12 15:22:16 | 000,390,656 | ---- | M] () -- C:\WINDOWS\Installer\279b54.msi
[2011/03/28 03:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\2803f0f.msp
[2011/05/11 09:56:05 | 003,484,160 | ---- | M] () -- C:\WINDOWS\Installer\282cc6.msi
[2012/02/03 15:13:48 | 004,988,928 | R--- | M] () -- C:\WINDOWS\Installer\2c0e891.msp
[2011/10/30 22:54:38 | 002,748,416 | R--- | M] () -- C:\WINDOWS\Installer\2c0e89a.msp
[2009/11/22 11:35:10 | 001,887,232 | ---- | M] () -- C:\WINDOWS\Installer\2cd4db.msi
[2011/11/18 15:49:29 | 001,435,136 | ---- | M] () -- C:\WINDOWS\Installer\2d6bd5.msi
[2009/02/25 19:08:18 | 008,311,808 | R--- | M] () -- C:\WINDOWS\Installer\2ed864.msp
[2011/10/01 14:02:07 | 000,062,464 | ---- | M] () -- C:\WINDOWS\Installer\2f81b.msi
[2012/01/22 10:09:26 | 001,700,352 | R--- | M] () -- C:\WINDOWS\Installer\2fb62f7.msp
[2011/11/01 13:34:26 | 001,169,920 | R--- | M] () -- C:\WINDOWS\Installer\2fb630e.msp
[2012/02/02 23:56:22 | 000,963,584 | R--- | M] () -- C:\WINDOWS\Installer\2fb6317.msp
[2012/01/30 20:46:22 | 007,069,184 | R--- | M] () -- C:\WINDOWS\Installer\2fb6321.msp
[2012/03/23 14:59:02 | 007,899,648 | R--- | M] () -- C:\WINDOWS\Installer\2fb6338.msp
[2012/03/27 00:28:54 | 005,009,920 | R--- | M] () -- C:\WINDOWS\Installer\2fb6350.msp
[2011/12/19 23:30:42 | 000,314,368 | ---- | M] () -- C:\WINDOWS\Installer\30aad9a.msi
[2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\3412270.msp
[2012/04/25 19:32:24 | 007,069,184 | R--- | M] () -- C:\WINDOWS\Installer\341227b.msp
[2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\WINDOWS\Installer\3412283.msp
[2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\WINDOWS\Installer\341228b.msp
[2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\3412293.msp
[2012/05/30 07:17:06 | 005,010,432 | R--- | M] () -- C:\WINDOWS\Installer\34122ab.msp
[2009/10/16 07:09:28 | 002,518,016 | R--- | M] () -- C:\WINDOWS\Installer\34ff49.msp
[2009/12/03 14:15:12 | 005,004,288 | R--- | M] () -- C:\WINDOWS\Installer\34ff61.msp
[2010/02/06 14:16:54 | 000,429,568 | ---- | M] () -- C:\WINDOWS\Installer\34ff6c.msi
[2009/04/24 12:28:00 | 004,450,816 | R--- | M] () -- C:\WINDOWS\Installer\3dabc0.msp
[2009/05/04 07:47:22 | 009,124,864 | R--- | M] () -- C:\WINDOWS\Installer\3dabd9.msp
[2009/05/04 07:49:40 | 010,955,776 | R--- | M] () -- C:\WINDOWS\Installer\3dac16.msp
[2009/04/24 12:29:02 | 009,013,760 | R--- | M] () -- C:\WINDOWS\Installer\3dac30.msp
[2009/05/26 18:53:56 | 000,579,072 | R--- | M] () -- C:\WINDOWS\Installer\3dac47.msp
[2009/05/04 07:46:14 | 008,299,008 | R--- | M] () -- C:\WINDOWS\Installer\3dac60.msp
[2009/05/26 18:54:44 | 004,192,768 | R--- | M] () -- C:\WINDOWS\Installer\3dac7d.msp
[2009/04/24 12:30:16 | 002,583,552 | R--- | M] () -- C:\WINDOWS\Installer\3dac97.msp
[2012/02/29 23:45:14 | 004,989,440 | R--- | M] () -- C:\WINDOWS\Installer\3e094.msp
[2011/03/28 03:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\3ed81e.msp
[2012/04/09 11:54:49 | 000,022,016 | ---- | M] () -- C:\WINDOWS\Installer\43412.msi
[2011/04/18 18:39:14 | 000,223,232 | ---- | M] () -- C:\WINDOWS\Installer\4ddde5.msi
[2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\WINDOWS\Installer\587931.msp
[2011/04/27 10:05:34 | 003,446,272 | ---- | M] () -- C:\WINDOWS\Installer\5ce74d.msi
[2011/07/29 13:54:41 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\60e7f.msi
[2010/12/25 14:41:34 | 003,065,856 | ---- | M] () -- C:\WINDOWS\Installer\6587a.msi
[2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\WINDOWS\Installer\68120.msp
[2011/01/11 17:53:56 | 001,763,328 | R--- | M] () -- C:\WINDOWS\Installer\69bdf.msp
[2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\WINDOWS\Installer\6b9a59.msp
[2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\6b9a71.msp
[2009/08/18 12:50:38 | 012,022,272 | R--- | M] () -- C:\WINDOWS\Installer\6b9a95.msp
[2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\WINDOWS\Installer\6b9aaf.msp
[2009/10/16 07:03:20 | 005,003,776 | R--- | M] () -- C:\WINDOWS\Installer\6b9ac7.msp
[2009/08/18 12:57:54 | 009,122,304 | R--- | M] () -- C:\WINDOWS\Installer\6b9adf.msp
[2009/08/18 12:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\6b9af7.msp
[2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\6c6617.msp
[2012/04/25 19:32:24 | 007,069,184 | R--- | M] () -- C:\WINDOWS\Installer\6c6621.msp
[2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\WINDOWS\Installer\6c6629.msp
[2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\WINDOWS\Installer\6c6631.msp
[2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\6c6639.msp
[2012/05/30 07:17:06 | 005,010,432 | R--- | M] () -- C:\WINDOWS\Installer\6c6650.msp
[2011/08/09 10:49:23 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\6d792.msi
[2010/12/28 20:47:55 | 003,144,704 | ---- | M] () -- C:\WINDOWS\Installer\71ce4f.msi
[2009/10/26 21:39:58 | 001,549,312 | ---- | M] () -- C:\WINDOWS\Installer\766133.msi
[2009/10/26 21:40:27 | 000,694,272 | ---- | M] () -- C:\WINDOWS\Installer\76613a.msi
[2009/10/26 21:41:51 | 009,013,760 | ---- | M] () -- C:\WINDOWS\Installer\76613e.msi
[2011/07/27 07:42:04 | 004,985,856 | R--- | M] () -- C:\WINDOWS\Installer\77c97.msp
[2011/05/02 00:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\77ca0.msp
[2011/03/31 09:12:49 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\7cbaa.msi
[2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\WINDOWS\Installer\843fdb.msp
[2011/03/28 03:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\843fe9.msp
[2009/04/14 03:22:08 | 019,840,000 | R--- | M] () -- C:\WINDOWS\Installer\88b0b5.msp
[2009/04/14 03:20:06 | 009,573,376 | R--- | M] () -- C:\WINDOWS\Installer\88b0bf.msp
[2009/04/14 04:51:24 | 001,303,040 | R--- | M] () -- C:\WINDOWS\Installer\88b0c9.msp
[2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\WINDOWS\Installer\88b0d2.msp
[2009/04/14 04:18:14 | 009,684,480 | R--- | M] () -- C:\WINDOWS\Installer\88b0dc.msp
[2009/04/14 04:50:22 | 005,191,680 | R--- | M] () -- C:\WINDOWS\Installer\88b0e6.msp
[2009/04/14 04:56:18 | 020,498,944 | R--- | M] () -- C:\WINDOWS\Installer\88b0f0.msp
[2009/05/07 09:04:06 | 018,341,376 | R--- | M] () -- C:\WINDOWS\Installer\88b0fa.msp
[2009/04/14 04:21:34 | 015,303,168 | R--- | M] () -- C:\WINDOWS\Installer\88b104.msp
[2009/04/14 03:46:12 | 015,438,848 | R--- | M] () -- C:\WINDOWS\Installer\88b10e.msp
[2011/01/11 17:52:58 | 003,360,768 | R--- | M] () -- C:\WINDOWS\Installer\9109c9.msp
[2011/02/24 15:15:46 | 011,551,232 | R--- | M] () -- C:\WINDOWS\Installer\93dbda.msp
[2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\WINDOWS\Installer\93dbf2.msp
[2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\93dc0a.msp
[2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\93dc22.msp
[2011/02/11 20:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\93dc2f.msp
[2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\WINDOWS\Installer\93dc48.msp
[2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\WINDOWS\Installer\93dc60.msp
[2011/03/17 20:05:24 | 004,989,440 | R--- | M] () -- C:\WINDOWS\Installer\93dc78.msp
[2011/03/12 17:41:39 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\94d39.msi
[2011/06/24 13:28:59 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\969ca.msi
[2011/08/13 22:05:36 | 001,565,696 | ---- | M] () -- C:\WINDOWS\Installer\97e71.msi
[2011/08/05 11:45:29 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\9f81b.msi
[2011/03/30 09:19:09 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\a1aea.msi
[2011/10/02 15:12:01 | 008,761,856 | ---- | M] () -- C:\WINDOWS\Installer\ad246.msi
[2009/09/15 12:29:44 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\ad7b38.msi
[2009/04/04 10:14:58 | 001,094,656 | R--- | M] () -- C:\WINDOWS\Installer\ad7b44.msp
[2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\WINDOWS\Installer\ad7b45.msp
[2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\WINDOWS\Installer\ad7b66.msp
[2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\WINDOWS\Installer\ad7d1a.msp
[2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\WINDOWS\Installer\ad7d26.msp
[2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\WINDOWS\Installer\ad7d31.msp
[2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\WINDOWS\Installer\ad7d3a.msp
[2009/09/15 12:41:16 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\ad7d42.msi
[2009/09/15 12:41:55 | 000,119,296 | ---- | M] () -- C:\WINDOWS\Installer\ad7d49.msi
[2009/08/18 12:56:58 | 005,020,672 | R--- | M] () -- C:\WINDOWS\Installer\ad7d60.msp
[2011/01/18 23:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\af857f.msp
[2011/07/11 17:19:28 | 010,619,904 | R--- | M] () -- C:\WINDOWS\Installer\b038a8.msp
[2011/04/13 11:37:02 | 019,201,024 | R--- | M] () -- C:\WINDOWS\Installer\b038b1.msp
[2011/12/26 05:06:20 | 005,115,392 | R--- | M] () -- C:\WINDOWS\Installer\b038b9.msp
[2011/10/26 15:38:54 | 002,830,848 | R--- | M] () -- C:\WINDOWS\Installer\b038c1.msp
[2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\WINDOWS\Installer\b33651.msp
[2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\b33669.msp
[2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\WINDOWS\Installer\b33685.msp
[2011/12/08 19:24:04 | 004,989,952 | R--- | M] () -- C:\WINDOWS\Installer\b4d2db.msp
[2008/12/13 10:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\b595f.msp
[2008/12/13 09:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\b596c.msp
[2012/07/04 21:06:41 | 000,863,744 | ---- | M] () -- C:\WINDOWS\Installer\b7a2ed.msi
[2012/07/04 21:08:14 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Installer\b7a2f4.msi
[2011/06/03 11:51:55 | 003,485,696 | ---- | M] () -- C:\WINDOWS\Installer\b8ff1.msi
[2010/05/19 13:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\b9a5ac.msp
[2011/03/31 08:58:05 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\c61cc.msi
[2010/10/08 22:07:04 | 011,559,424 | R--- | M] () -- C:\WINDOWS\Installer\cc0629.msp
[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\WINDOWS\Installer\cc0641.msp
[2010/11/20 23:35:20 | 003,359,744 | R--- | M] () -- C:\WINDOWS\Installer\cc0659.msp
[2010/10/21 18:10:00 | 003,995,136 | R--- | M] () -- C:\WINDOWS\Installer\cc0675.msp
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\WINDOWS\Installer\d6a3c7.msp
[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\WINDOWS\Installer\d6a3e4.msp
[2011/09/15 23:05:54 | 001,411,072 | R--- | M] () -- C:\WINDOWS\Installer\d9a98a.msp
[2011/09/15 23:07:52 | 034,428,416 | R--- | M] () -- C:\WINDOWS\Installer\d9a98b.msp
[2011/09/15 23:07:28 | 016,691,712 | R--- | M] () -- C:\WINDOWS\Installer\d9a9a7.msp
[2011/09/15 23:04:54 | 428,804,608 | R--- | M] () -- C:\WINDOWS\Installer\d9abd6.msp
[2011/09/15 23:08:04 | 010,838,528 | R--- | M] () -- C:\WINDOWS\Installer\d9abe2.msp
[2011/09/15 23:09:22 | 011,163,136 | R--- | M] () -- C:\WINDOWS\Installer\d9abef.msp
[2011/09/15 23:10:36 | 007,959,552 | R--- | M] () -- C:\WINDOWS\Installer\d9abfa.msp
[2011/07/12 15:50:24 | 017,555,968 | R--- | M] () -- C:\WINDOWS\Installer\df6108.msp
[2011/07/11 20:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\df6114.msp
[2010/12/28 11:37:06 | 001,572,352 | ---- | M] () -- C:\WINDOWS\Installer\e42a2.msi
[2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\WINDOWS\Installer\e8a45c.msp
[2010/09/17 06:06:50 | 003,355,648 | R--- | M] () -- C:\WINDOWS\Installer\e8a474.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\e8a48c.msp
[2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\WINDOWS\Installer\e8a4a4.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\WINDOWS\Installer\e8a4bd.msp
[2010/09/23 07:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\e8a4c9.msp
[2010/09/23 21:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\e8a4d2.msp
[2010/09/24 07:08:50 | 017,518,080 | R--- | M] () -- C:\WINDOWS\Installer\e8a4ec.msp
[2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\WINDOWS\Installer\f2f097.msp
[2010/10/21 18:12:42 | 003,359,744 | R--- | M] () -- C:\WINDOWS\Installer\f2f0af.msp
[2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\f2f0c7.msp
[2012/07/03 23:17:54 | 000,947,024 | ---- | M] (SANDBOXIE L.T.D) -- C:\WINDOWS\Installer\SandboxieInstall32.exe
[2012/06/30 20:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
[2010/08/04 17:08:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\erdnt\cache\regedit.exe
[2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

< MD5 for: RUNSERVICE.EXE >
[2010/06/13 14:51:35 | 000,002,560 | ---- | M] () MD5=29FAB5363138F6E322F4CD780ED9D337 -- C:\WINDOWS\Runservice.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright (C) 1999-2003 Microsoft Corporation.
On computer: CHANGEME
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B
Volume 1 C NTFS Partition 20 GB Healthy System
Volume 2 D NTFS Partition 26 GB Healthy
Volume 3 E NTFS Partition 29 GB Healthy

========== Files - Unicode (All) ==========
[2010/11/06 13:29:31 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\�ɚ
[2010/11/06 13:29:31 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\�ɚ

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >





OTL Extras logfile created on: 7/6/2012 4:08:12 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\sachin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 617.59 Mb Available Physical Memory | 64.43% Memory free
1.97 Gb Paging File | 1.50 Gb Available in Paging File | 76.21% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.51 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
Drive D: | 25.72 Gb Total Space | 14.14 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
Drive E: | 29.29 Gb Total Space | 19.70 Gb Free Space | 67.25% Space Free | Partition Type: NTFS

Computer Name: CHANGEME | User Name: sachin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- D:\Soft\Opera\New Folder\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Soft\Firefox\New Folder\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Soft\VLC\New Folder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Soft\VLC\New Folder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"41111:TCP" = 41111:TCP:*:Enabled:eMule_TCP
"42222:UDP" = 42222:UDP:*:Enabled:eMule_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Soft\Paltalk\New Folder\paltalk.exe" = D:\Soft\Paltalk\New Folder\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"D:\Soft\UTorrent\New Folder\uTorrent.exe" = D:\Soft\UTorrent\New Folder\uTorrent.exe:*:Enabled:΅Torrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Soft\MT5\New Folder\metatester.exe" = D:\Soft\MT5\New Folder\metatester.exe:*:Enabled:MetaTrader 5 Strategy Tester Agent -- (MetaQuotes Software Corp.)
"D:\Soft\Opera\New Folder\opera.exe" = D:\Soft\Opera\New Folder\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Soft\Opera\New Folder\pluginwrapper\opera_plugin_wrapper.exe" = D:\Soft\Opera\New Folder\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArtMoney SE_is1" = ArtMoney SE v7.33
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Broco Trader 5" = Broco Trader 5
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Forex4you Terminal" = Forex4you Terminal
"GOM Player" = GOM Player
"HotForex MetaTrader" = HotForex MetaTrader
"ie8" = Windows Internet Explorer 8
"KeyScrambler" = KeyScrambler
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MetaTrader - EXNESS" = MetaTrader - EXNESS
"MetaTrader - One Financial" = MetaTrader - One Financial
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiPony" = MiPony 1.3.0
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetMeter_is1" = NetMeter 1.1.3
"Opera 12.00.1467" = Opera 12.00
"PalTalk8.2" = Paltalk Messenger
"RealAlt_is1" = Real Alternative 2.0.2
"Recuva" = Recuva
"rFactor" = rFactor (remove only)
"Roadrash 955.3.2.0" = Roadrash 95
"Sandboxie" = Sandboxie 3.60 (32-bit)
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SpywareGuard_is1" = SpywareGuard v2.2
"uTorrent" = ΅Torrent
"VLC media player" = VLC media player 0.9.9
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 12/14/2011 2:42:39 AM | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2990
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2012 4:51:30 PM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/5/2012 2:46:33 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/5/2012 6:25:40 AM | Computer Name = CHANGEME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'lastprofile.ini' on the volume 'HarddiskVolume2'. It
has stopped monitoring the volume.

Error - 7/5/2012 6:36:36 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/5/2012 8:58:29 AM | Computer Name = CHANGEME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'lastparameters.ini' on the volume 'HarddiskVolume2'.
It has stopped monitoring the volume.

Error - 7/5/2012 9:10:38 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/6/2012 12:01:05 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/6/2012 12:18:20 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/6/2012 1:21:08 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/6/2012 1:26:54 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
08-Jul-2012, 02:02 PM #8
Okay, can you uninstall this via AddRemove Programs:

NetMeter 1.1.3

-----------

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\skbdrv.sys -- (skbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM File not found
O4 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe ()
PRC - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
MOD - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
[2011/11/18 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\IObit
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
:Files
C:\WINDOWS\System32\mmf*.sys
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.



-----------------------------
Do you know what this folder is?

C:\Dů

If not, we'll have a look at it later.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
09-Jul-2012, 04:24 PM #9
Netmeter was uninstalled.

I closed everything & ran OTL but it popped a notepad already, I closed the notepad & ran OTL again, this time it opened & the fix was run as directed, it asked for a reboot, upon logging back in, OTL wished to run again but I selected Cancel & proceeded to open the Log & was surprised to realize that it resembled the notepad that had popped up a little while back


Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\sachin\Desktop\cmd.bat not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\sachin\Desktop\cmd.bat not found!

Registry entries deleted on Reboot...


----------------------------------------------

Another weird thing that has occurred is that one of these cleaning-programs cleaned up Winamp, therefore all the audio-files' icons changed to Windows Media Player but interestingly enough, upon a double-click, they were trying to open within Sandboxie's sandbox, a little bemused, I right-clicked & realized that for some reason the first option was "Run Sandboxed" & the regular "Open" option was missing

I have no idea what C:\Dů is!It seems to resemble the user-account-folders found in Documents & Settings folder because C:\Dů has 2 folders in it, named Application Data & Local Settings, former is empty while the latter has a folder named Temporary Internet Files in it, which is also empty.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
10-Jul-2012, 05:18 PM #10
As you pressed cancel after rebooting, some of the entries I posted in the fix may have not removed properly. As you have copied/pasted the log, it said this:

Registry entries deleted on Reboot...

So, if you press cancel, it won't do that step.

Can you re-scan with OTL again, like you did at the very beginning, and I'll see if any need to be removed still. Only the one log will appear

---
Quote:
Another weird thing that has occurred is that one of these cleaning-programs cleaned up Winamp, therefore all the audio-files' icons changed to Windows Media Player but interestingly enough, upon a double-click, they were trying to open within Sandboxie's sandbox, a little bemused, I right-clicked & realized that for some reason the first option was "Run Sandboxed" & the regular "Open" option was missing
That's strange, as my fix didn't touch Winamp, or any file associations

When you right-click on the audio file, do you have the option Open With?

If so, select Choose Default or Browse, then navigate to the Winamp folder in Program Files, select Winamp.exe, and click Open. Make sure the box is ticked to Always use this Program.... Apply and OK.

------

As for that other folder, lets have a deeper look, plus there is something else I want to look at

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
C:\D&#367; /sub
C:\WINDOWS\System32\&#65533;&#602; /sub
:file
C:\WINDOWS\System32\&#65533;&#602;
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
11-Jul-2012, 04:17 AM #11
Well, I didn't run the scan with OTL because the moment I double-clicked on OTL to run it, the following log popped up & looking at it, I thought this is the one you were expecting to see.





All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File %SystemRoot%\System32\hidserv.dll not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
File C:\WINDOWS\system32\drivers\TfNetMon.sys not found.
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys not found.
Service skbdrv stopped successfully!
Service skbdrv deleted successfully!
File system32\DRIVERS\skbdrv.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service mcdbus stopped successfully!
Service mcdbus deleted successfully!
File system32\DRIVERS\mcdbus.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys not found.
Service AVGIDSDriver stopped successfully!
Service AVGIDSDriver deleted successfully!
C:\WINDOWS\system32\drivers\AVGIDSDriver.sys moved successfully.
Error: Unable to stop service Avgtdix!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix deleted successfully.
C:\WINDOWS\system32\drivers\avgtdix.sys moved successfully.
Error: Unable to stop service Avgrkx86!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgrkx86 deleted successfully.
C:\WINDOWS\system32\drivers\avgrkx86.sys moved successfully.
Service Avgmfx86 stopped successfully!
Service Avgmfx86 deleted successfully!
C:\WINDOWS\system32\drivers\avgmfx86.sys moved successfully.
Error: Unable to stop service AVGIDSEH!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSEH deleted successfully.
C:\WINDOWS\system32\drivers\AVGIDSEH.sys moved successfully.
Service AVGIDSShim stopped successfully!
Service AVGIDSShim deleted successfully!
C:\WINDOWS\system32\drivers\AVGIDSShim.sys moved successfully.
Service AVGIDSFilter stopped successfully!
Service AVGIDSFilter deleted successfully!
C:\WINDOWS\system32\drivers\AVGIDSFilter.sys moved successfully.
Service Avgldx86 stopped successfully!
Service Avgldx86 deleted successfully!
C:\WINDOWS\system32\drivers\avgldx86.sys moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\FVDIEPlugin Add Page\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe not found.
D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe moved successfully.
No active process named NetMeter.exe was found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller folder moved successfully.
C:\Documents and Settings\sachin\Application Data\IObit folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== FILES ==========
C:\WINDOWS\System32\mmf(10)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(12)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(10).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(11).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(12).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(13).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(14).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(15).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(2)(9).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(7).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(8).sys moved successfully.
C:\WINDOWS\System32\mmf(3)(9).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(5).sys moved successfully.
C:\WINDOWS\System32\mmf(4)(6).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(5)(4).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(6)(3).sys moved successfully.
C:\WINDOWS\System32\mmf(8)(2).sys moved successfully.
C:\WINDOWS\System32\mmf(9)(2).sys moved successfully.
C:\WINDOWS\System32\mmf.sys moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\sachin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\sachin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: sachin
->Temp folder emptied: 38234900 bytes
->Temporary Internet Files folder emptied: 2228224 bytes
->Java cache emptied: 12674789 bytes
->FireFox cache emptied: 54735025 bytes
->Flash cache emptied: 2456 bytes

User: sachin1
->Temp folder emptied: 2322 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11846354 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66271 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: sachin
->Java cache emptied: 0 bytes

User: sachin1
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: sachin
->Flash cache emptied: 0 bytes

User: sachin1

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07102012_004552

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





And yes, the audio-files do have "Open With" option but as I've said, Winamp doesn't seem to be on the system anymore, it was probably taken out by one of the programs, & Avast wouldn't let me re-install it, weird because it didn't have any problems with Winamp for so many months that it has been on the system; I Googled & found that some security-programs do list Winamp as a threat so I don't know if I should install it or not.

Update on the situation right now is that things have been pretty quiet for the last couple of days, no drama





SystemLook 30.07.11 by jpshortstuff
Log created at 13:17 on 11/07/2012 by sachin
Administrator - Elevation successful

========== dir ==========

C:\Dů - Parameters: "/sub"

---Files---
None found.

C:\Dů\Application Data d------ [18:40 16/09/2009]

C:\Dů\Local Settings d------ [18:40 16/09/2009]

C:\Dů\Local Settings\Temporary Internet Files d------ [18:40 16/09/2009]

C:\WINDOWS\System32\�ɚ - Unable to find folder.

========== file ==========

C:\WINDOWS\System32\�ɚ - Unable to find/read file.

-= EOF =-
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
12-Jul-2012, 02:10 PM #12
Yep, looks like it just needed to be started again, as that is indeed the log I wanted

Can you run a scan here:

Please go to here to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



On a side note, since the Eset scanner is a 32-bit applcation, If you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
13-Jul-2012, 02:35 PM #13
C:\Documents and Settings\sachin\My Documents\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
D:\Soft\Driver Reviver\DriverReviverSetup.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
D:\Soft\IObit Malware Fighter\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
D:\Soft\Youtube Downloader\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 27,295 posts.
  
Join Date: Mar 2001
Location: Bradford, England
15-Jul-2012, 01:42 PM #14
Okay, can you re-run SystemLook as you did before, but with the following code and post the log it produces:

Code:
:filefind
*AVG
*Netmeter
*Iobit
:folderfind
*AVG
*Netmeter
*Iobit
ryan41225's Avatar
Computer Specs
Member with 22 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Intermediate
16-Jul-2012, 02:39 PM #15
SystemLook 30.07.11 by jpshortstuff
Log created at 00:07 on 17/07/2012 by sachin
Administrator - Elevation successful

========== filefind ==========

Searching for "*AVG"
No files found.

Searching for "*Netmeter"
No files found.

Searching for "*Iobit"
No files found.

========== folderfind ==========

Searching for "*AVG"
C:\WINDOWS\system32\drivers\AVG d------ [09:54 01/12/2010]

Searching for "*Netmeter"
C:\_OTL\MovedFiles\07102012_004552\D_Soft\NetMeter d------ [19:19 09/07/2012]
C:\_OTL\MovedFiles\07102012_004552\D_Soft\NetMeter\New Folder\NetMeter d------ [19:19 09/07/2012]

Searching for "*Iobit"
C:\_OTL\MovedFiles\07102012_004552\C_Documents and Settings\sachin\Application Data\IObit d------ [19:19 09/07/2012]

-= EOF =-
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 3 1 23
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
boot, rootkit, slow, startup, virus

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 05:53 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑