
Computer booting slowly & suspicious behavior

Discussion in 'Virus & Other Malware Removal' started by ryan41225, Jul 2, 2012.

  1. ryan41225 (Thread Starter; joined Jul 2, 2012; messages: 22)

    Ok, so until a couple of days back, all seemed pretty ok & then I felt the PC slowing down a bit. I didn't pay attention that time but in the morning it took ages to boot the PC, so I defragmented the drives, ran error-checks on disks, did a boot-scan with Avast, ran Malwarebytes & such. Then there was an episode where all the text in all the windows was gone, be it Opera, Windows Explorer & so on, CPU running at full speed & everything. I tried to access Malwarebytes & got a message that system resources were insufficient (something like that); even Avast froze. I rebooted & ran Rkill; the only process it showed was Avast so I uninstalled it (re-installed now) & ran Malwarebytes (again) & Spybot S&D. I already had Spywareblaster & Spyware Guard installed. Then I downloaded, installed & scanned with Superantispyware, Panda AV, Sophos rootkit tool & Emsisoft Emergency Kit. A couple of them caught some stuff but they mostly seemed like false-positives because I could recognize most of them as gamebots, but I deleted them anyway.

    Anyways, so the PC still seems to work. It's not slow while working but the boot still takes 5-10 minutes; previously it was probably a minute or two. Maybe there are viruses or rootkits sitting in there :(

    Another thing I've noticed is that a CD icon has been appearing beside the pointer/cursor sometimes when waiting for something to happen, just like you know that hourglass appears beside the pointer/cursor; if I'm not mistaken, we get that CD icon while a CD is loading or something like that so I wonder why it has been appearing so frequently in the past couple of days despite the fact that I haven't been using any CDs :confused:

    Very grateful for this forum & all the help being offered. Thanks :)



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:15:27 AM, on 7/3/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Soft\Sandboxie\New Folder\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Soft\Sandboxie\New Folder\SandboxieRpcSs.exe
    D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
    D:\Soft\Sandboxie\New Folder\SandboxieDcomLaunch.exe
    D:\Soft\Opera\New Folder\opera.exe
    C:\Documents and Settings\sachin\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Soft\Spybot S & D\New Folder\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Soft\SuperAntiSpyware Free\New Folder\SUPERAntiSpyware.exe
    O4 - Startup: SpywareGuard.lnk = D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Download with Mipony - file://D:\Soft\MP\New Folder\MiPony\Browser\IEContext.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Soft\Paltalk\New Folder\Paltalk.exe
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Soft\SPYBOT~1\NEWFOL~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1265444050937
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1265444034125
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - D:\Soft\Sandboxie\New Folder\SbieSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 8982 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by sachin at 1:26:42 on 2012-07-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.346 [GMT 5.5:30]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    D:\Soft\Sandboxie\New Folder\SbieSvc.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    D:\Soft\Sandboxie\New Folder\SandboxieRpcSs.exe
    D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
    D:\Soft\Sandboxie\New Folder\SandboxieDcomLaunch.exe
    D:\Soft\Opera\New Folder\opera.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.in/
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - d:\soft\keyscrambler\new folder\keyscrambler\KeyScramblerIE.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - d:\soft\spywareguard\new folder\spywareguard\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\soft\spybot~1\newfol~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [d:\soft\netmeter\new folder\netmeter\netmeter.exe] d:\soft\netmeter\new folder\netmeter\NetMeter.exe
    uRun: [SpybotSD TeaTimer] d:\soft\spybot s & d\new folder\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] d:\soft\superantispyware free\new folder\SUPERAntiSpyware.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [COMODO Internet Security] "d:\soft\comodo firewall\new folder\comodo\comodo internet security\cfp.exe" -h
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\sachin\startm~1\programs\startup\spywar~1.lnk - d:\soft\spywareguard\new folder\spywareguard\sgmain.exe
    IE: Download with Mipony - file://d:\soft\mp\new folder\mipony\browser\IEContext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: FVDIEPlugin Add Page - d:\soft\flashd~1\newfol~1\fvdiep~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - d:\soft\paltalk\new folder\Paltalk.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - d:\soft\keyscrambler\new folder\keyscrambler\KeyScramblerIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\soft\spybot~1\newfol~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265444050937
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265444034125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222} : NameServer = 156.154.70.22,156.154.71.22
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - d:\soft\superantispyware free\new folder\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - d:\soft\spywareguard\new folder\spywareguard\spywareguard.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\soft\superantispyware free\new folder\SASSEH.DLL
    mASetup: {0C0FC00D-7248-F10D-0103-060105070400} - c:\windows\system32\scvhost.exe
    mASetup: {9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} - c:\windows\xplorer.exe ³¯ã¶ì²
    mASetup: {ED794CAD-FE87-2D78-DA3B-220B92CC9877} - c:\windows\system32\win32\svchost.exe s
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sachin\application data\mozilla\firefox\profiles\2c7qxrgq.default\
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    FF - plugin: d:\soft\divx 7\new folder\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin2.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin3.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin4.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin5.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin6.dll
    FF - plugin: d:\soft\quicktime\new folder\plugins\npqtplugin7.dll
    FF - plugin: d:\soft\realalternative 2.2\new folder\real alternative\browser\plugins\nppl3260.dll
    FF - plugin: d:\soft\realalternative 2.2\new folder\real alternative\browser\plugins\nprpjplug.dll
    FF - plugin: d:\soft\vlc\new folder\vlc\npvlc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-2 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-2 353688]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
    R1 SASDIFSV;SASDIFSV;d:\soft\superantispyware free\new folder\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;d:\soft\superantispyware free\new folder\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;d:\soft\superantispyware free\new folder\SASCore.exe [2011-8-12 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-2 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-2 44808]
    R2 cmdAgent;COMODO Internet Security Helper Service;d:\soft\comodo firewall\new folder\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-6-13 2560]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-11-18 225592]
    R3 SbieDrv;SbieDrv;d:\soft\sandboxie\new folder\SbieDrv.sys [2011-10-12 131344]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-13 257696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-29 1691480]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-15 135664]
    S3 skbdrv;Encassa CoDefender;c:\windows\system32\drivers\skbdrv.sys --> c:\windows\system32\drivers\skbdrv.sys [?]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-02 17:39:18 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-02 17:37:32 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-02 17:36:55 -------- d-----w- c:\program files\AVAST Software
    2012-07-02 17:36:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-07-02 11:49:26 -------- d-----w- c:\documents and settings\sachin\local settings\application data\panda2_0dn
    2012-07-02 11:12:55 -------- d-----w- c:\documents and settings\all users\application data\Sophos
    2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-07-02 11:12:11 73728 ----a-r- c:\documents and settings\sachin\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
    2012-07-02 09:21:05 -------- d-----w- c:\documents and settings\sachin\application data\Panda Security
    2012-07-02 09:18:09 -------- d-----w- c:\program files\Panda Security
    2012-07-02 09:16:43 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
    2012-07-02 07:56:40 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-07-02 05:55:01 -------- d-----w- c:\documents and settings\sachin\application data\SUPERAntiSpyware.com
    2012-07-02 05:53:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-06-30 14:23:19 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-30 12:55:18 -------- d-----w- c:\windows\pss
    2012-06-30 08:26:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-06-30 08:26:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-30 08:19:36 -------- d-----w- c:\windows\Paltalk Messenger
    2012-06-14 05:17:35 -------- d-----w- c:\documents and settings\sachin\local settings\application data\APN
    .
    ==================== Find3M ====================
    .
    2012-07-02 19:09:13 833 --sha-w- c:\windows\system32\mmf.sys
    2012-06-02 09:49:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 09:49:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 09:49:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 09:49:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 09:49:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 09:48:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 09:48:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 09:48:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:27:44 1872128 ----a-w- c:\windows\system32\win32k.sys
    2012-05-13 04:02:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-13 04:02:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:24:46 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:41:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-08 11:34:32 833 --sha-w- c:\windows\system32\mmf(2)(14).sys
    2012-04-07 08:14:02 833 --sha-w- c:\windows\system32\mmf(2)(15).sys
    2012-04-07 05:28:35 833 --sha-w- c:\windows\system32\mmf(3)(9).sys
    2012-04-06 05:06:24 833 --sha-w- c:\windows\system32\mmf(4)(5).sys
    2012-04-05 04:58:57 833 --sha-w- c:\windows\system32\mmf(3)(8).sys
    2012-04-04 10:26:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 1:27:28.93 ===============





    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-03 02:18:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 SAMSUNG_SP0822N rev.WA100-34
    Running: 7oqmz2h1.exe; Driver: C:\DOCUME~1\sachin\LOCALS~1\Temp\fwdcqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF27DF488]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF28887BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF27DFEA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF281FB81]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF27EACCC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF27EAD18]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF27EAE9A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF281F535]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF27EAC3A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF27EAD5C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF27EAC82]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF27E0098]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF27EAE54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF27E081C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF27DF4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF2820247]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF28204FD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF27E3E88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF28200B2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF281FF1D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF288889E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF27DF13E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF27DF524]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF27E41FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF27E11E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF27EACF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF27EAD3A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF27EAEBE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF281F891]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF27EAC60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF27E39FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF27EADDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF27EACAA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF27E3C30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF27EAE78]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF2888A1E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF281FD98]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF27E10B0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF281FBEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF27E0C5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF2894338]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF281EBA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF27DF572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF27DF5C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF27E069C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF27DF1C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF27DF378]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF282034E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF27DF31E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF27E097E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF27E0ADA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF27DF3E8]
    SSDT \??\D:\Soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF29EF640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF27E051C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF27DF60E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF27DFEE8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF28A0744]
    Code F7EC0C9C ZwRequestPort
    Code F7EC0D3C ZwRequestWaitReplyPort
    Code F7EC0BFC ZwTraceEvent
    Code F7EC0C9B NtRequestPort
    Code F7EC0D3B NtRequestWaitReplyPort
    Code F7EC0BFB NtTraceEvent
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 33A 804E4B94 4 Bytes JMP F0F281FB
    .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [72, F5, 7D, F2, C0, F5, 7D, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [7E, 09, 7E, F2, DA, 0A, 7E, ...]
    .text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D24 4 Bytes [E8, FE, 7D, F2]
    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F289F0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9F4 7 Bytes JMP F28A0748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805DF6F6 5 Bytes JMP F289D61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? C:\DOCUME~1\sachin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[220] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[220] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[220] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[292] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[292] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\svchost.exe[292] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[396] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\RTHDCPL.EXE[396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\RTHDCPL.EXE[396] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\RTHDCPL.EXE[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\runservice.exe[420] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\runservice.exe[420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\runservice.exe[420] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[504] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[504] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE[548] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[664] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\PnkBstrA.exe[696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[784] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[784] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] advapi32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe[808] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[884] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[884] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[896] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[896] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1088] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1120] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005190B0 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00531040 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1368] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieSvc.exe[1416] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1500] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1500] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1604] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1704] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1936] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\Ati2evxx.exe[1996] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2032] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[2860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wscntfy.exe[2860] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe[3072] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3088] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\alg.exe[3088] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3088] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Sandboxie\New Folder\SbieCtrl.exe[3740] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ole32.dll!CoCreateInstanceEx 774FF17C 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3880] ole32.dll!CoGetClassObject 7751522D 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0074CB10 D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001601F8
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001603FC
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe[4008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     


  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Hiya and welcome to Tech Support Guy :)

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ----------------------------
    Now that's out of the way, let's get started :)

    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double-click aswMBR.exe to run it.

    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your Desktop and post it in your next reply.


    --------------------

    Download the latest version of TDSSKiller from here and save it to your Desktop.


    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    • Click the Start Scan button.

    • If a suspicious object is detected, the default action will be Skip; click on Continue.

    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    • Note: If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


    eddie
     
  3. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    Hi Eddie, nice meeting you :)

    About P2P, I use it very rarely & always make sure that I'm not accidentally sharing any sensitive data, & open the ports only when needed, not otherwise. Thanks for helping out here :)



    Results of screen317's Security Check version 0.99.42
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG Anti-Virus Free Edition 2011
    avast! Antivirus
    Antivirus out of date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    SpywareBlaster 4.6
    SpywareGuard v2.2
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.61.0.1400
    CCleaner
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 11.2.202.235
    Mozilla Firefox 10.0.2 Firefox out of Date!
    Google Chrome 19.0.1084.56
    Google Chrome 20.0.1132.47
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 6%
    ````````````````````End of Log``````````````````````





    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-04 15:03:57
    -----------------------------
    15:03:57.265 OS Version: Windows 5.1.2600 Service Pack 3
    15:03:57.265 Number of processors: 2 586 0x409
    15:03:57.265 ComputerName: CHANGEME UserName: sachin
    15:04:03.171 Initialize success
    15:04:06.234 AVAST engine defs: 12070301
    15:04:46.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
    15:04:46.609 Disk 0 Vendor: SAMSUNG_SP0822N WA100-34 Size: 76351MB BusType: 3
    15:04:46.640 Disk 0 MBR read successfully
    15:04:46.640 Disk 0 MBR scan
    15:04:46.656 Disk 0 Windows XP default MBR code
    15:04:46.656 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
    15:04:46.734 Disk 0 Partition - 00 0F Extended LBA 56337 MB offset 40965750
    15:04:46.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26340 MB offset 40965813
    15:04:46.750 Disk 0 Partition - 00 05 Extended 29996 MB offset 94912020
    15:04:46.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29996 MB offset 94912083
    15:04:46.781 Disk 0 scanning sectors +156344580
    15:04:46.828 Disk 0 scanning C:\WINDOWS\system32\drivers
    15:04:57.609 Service scanning
    15:05:12.359 Modules scanning
    15:05:44.562 Disk 0 trace - called modules:
    15:05:44.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    15:05:44.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86727ab8]
    15:05:44.578 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> \Device\00000073[0x8674b9e8]
    15:05:44.578 5 ACPI.sys[f781a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x86749d98]
    15:05:44.890 AVAST engine scan C:\WINDOWS
    15:05:50.531 AVAST engine scan C:\WINDOWS\system32
    15:08:44.656 AVAST engine scan C:\WINDOWS\system32\drivers
    15:08:57.625 AVAST engine scan C:\Documents and Settings\sachin
    15:11:25.312 AVAST engine scan C:\Documents and Settings\All Users
    15:12:38.453 Scan finished successfully
    15:13:36.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sachin\Desktop\MBR.dat"
    15:13:36.156 The log file has been saved successfully to "C:\Documents and Settings\sachin\Desktop\aswMBR.txt"





    15:14:57.0078 2404 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
    15:14:59.0078 2404 ============================================================
    15:14:59.0078 2404 Current date / time: 2012/07/04 15:14:59.0078
    15:14:59.0078 2404 SystemInfo:
    15:14:59.0078 2404
    15:14:59.0078 2404 OS Version: 5.1.2600 ServicePack: 3.0
    15:14:59.0078 2404 Product type: Workstation
    15:14:59.0078 2404 ComputerName: CHANGEME
    15:14:59.0078 2404 UserName: sachin
    15:14:59.0078 2404 Windows directory: C:\WINDOWS
    15:14:59.0078 2404 System windows directory: C:\WINDOWS
    15:14:59.0078 2404 Processor architecture: Intel x86
    15:14:59.0078 2404 Number of processors: 2
    15:14:59.0078 2404 Page size: 0x1000
    15:14:59.0078 2404 Boot type: Normal boot
    15:14:59.0078 2404 ============================================================
    15:15:01.0406 2404 Drive \Device\Harddisk0\DR0 - Size: 0x12A3F92000 (74.56 Gb), SectorSize: 0x200, Cylinders: 0x2605, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:15:01.0406 2404 ============================================================
    15:15:01.0406 2404 \Device\Harddisk0\DR0:
    15:15:01.0406 2404 MBR partitions:
    15:15:01.0406 2404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
    15:15:01.0421 2404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x337275F
    15:15:01.0453 2404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5A83E53, BlocksNum 0x3A962B1
    15:15:01.0453 2404 ============================================================
    15:15:01.0515 2404 C: <-> \Device\Harddisk0\DR0\Partition0
    15:15:01.0609 2404 D: <-> \Device\Harddisk0\DR0\Partition1
    15:15:02.0406 2404 E: <-> \Device\Harddisk0\DR0\Partition2
    15:15:02.0421 2404 ============================================================
    15:15:02.0421 2404 Initialize success
    15:15:02.0421 2404 ============================================================
    15:15:23.0984 3652 ============================================================
    15:15:23.0984 3652 Scan started
    15:15:23.0984 3652 Mode: Manual; SigCheck; TDLFS;
    15:15:23.0984 3652 ============================================================
    15:15:24.0859 3652 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) D:\Soft\SuperAntiSpyware Free\New Folder\SASCORE.EXE
    15:15:25.0093 3652 !SASCORE - ok
    15:15:25.0265 3652 Aavmker4 (5803b5f166ee9865a3c763127dce02fd) C:\WINDOWS\system32\drivers\Aavmker4.sys
    15:15:25.0453 3652 Aavmker4 - ok
    15:15:25.0468 3652 Abiosdsk - ok
    15:15:25.0500 3652 abp480n5 - ok
    15:15:25.0562 3652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:15:26.0437 3652 ACPI - ok
    15:15:26.0484 3652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    15:15:26.0671 3652 ACPIEC - ok
    15:15:26.0796 3652 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:15:26.0906 3652 AdobeFlashPlayerUpdateSvc - ok
    15:15:26.0921 3652 adpu160m - ok
    15:15:26.0968 3652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    15:15:27.0187 3652 aec - ok
    15:15:27.0234 3652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    15:15:27.0328 3652 AFD - ok
    15:15:27.0343 3652 Aha154x - ok
    15:15:27.0359 3652 aic78u2 - ok
    15:15:27.0390 3652 aic78xx - ok
    15:15:27.0421 3652 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    15:15:27.0640 3652 Alerter - ok
    15:15:27.0671 3652 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    15:15:27.0765 3652 ALG - ok
    15:15:27.0781 3652 AliIde - ok
    15:15:28.0015 3652 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    15:15:28.0234 3652 Ambfilt - ok
    15:15:28.0312 3652 amsint - ok
    15:15:28.0359 3652 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    15:15:28.0468 3652 AppMgmt - ok
    15:15:28.0484 3652 asc - ok
    15:15:28.0515 3652 asc3350p - ok
    15:15:28.0531 3652 asc3550 - ok
    15:15:28.0609 3652 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:15:28.0640 3652 aspnet_state - ok
    15:15:28.0671 3652 aswFsBlk (5679eaf49f7e2a93ceadcf0aaf6fa3a3) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    15:15:28.0703 3652 aswFsBlk - ok
    15:15:28.0734 3652 aswMon2 (61c194bc48521cb55be2763a33f77d44) C:\WINDOWS\system32\drivers\aswMon2.sys
    15:15:28.0765 3652 aswMon2 - ok
    15:15:28.0781 3652 AswRdr (b221d97841c02ae79ec5c56172724f5c) C:\WINDOWS\system32\drivers\AswRdr.sys
    15:15:28.0812 3652 AswRdr - ok
    15:15:28.0906 3652 aswSnx (1aee85af4b664ea9e22ebe41e8f96571) C:\WINDOWS\system32\drivers\aswSnx.sys
    15:15:29.0000 3652 aswSnx - ok
    15:15:29.0078 3652 aswSP (3c9d1aeb0fafa8493335503ebee9a301) C:\WINDOWS\system32\drivers\aswSP.sys
    15:15:29.0140 3652 aswSP - ok
    15:15:29.0156 3652 aswTdi (74f58f4adafaf50b9a09cb6e17b4ee49) C:\WINDOWS\system32\drivers\aswTdi.sys
    15:15:29.0203 3652 aswTdi - ok
    15:15:29.0234 3652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:15:29.0437 3652 AsyncMac - ok
    15:15:29.0484 3652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:15:29.0703 3652 atapi - ok
    15:15:29.0718 3652 Atdisk - ok
    15:15:29.0781 3652 Ati HotKey Poller (60d2d92bd2390c50bce4106113f8b83b) C:\WINDOWS\system32\Ati2evxx.exe
    15:15:29.0875 3652 Ati HotKey Poller - ok
    15:15:29.0968 3652 ATI Smart (da05c02074349afe712042f52fec3436) C:\WINDOWS\system32\ati2sgag.exe
    15:15:30.0046 3652 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
    15:15:30.0046 3652 ATI Smart - detected UnsignedFile.Multi.Generic (1)
    15:15:30.0218 3652 ati2mtag (1bc00580219007683339b3a78b8f2232) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    15:15:30.0390 3652 ati2mtag - ok
    15:15:30.0437 3652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:15:30.0640 3652 Atmarpc - ok
    15:15:30.0671 3652 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    15:15:30.0890 3652 AudioSrv - ok
    15:15:30.0921 3652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:15:31.0140 3652 audstub - ok
    15:15:31.0218 3652 avast! Antivirus (b31f785751157aa8e2a33ea1cb4dc5be) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    15:15:31.0250 3652 avast! Antivirus - ok
    15:15:31.0281 3652 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    15:15:31.0312 3652 AVGIDSDriver - ok
    15:15:31.0343 3652 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    15:15:31.0375 3652 AVGIDSEH - ok
    15:15:31.0390 3652 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    15:15:31.0421 3652 AVGIDSFilter - ok
    15:15:31.0437 3652 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    15:15:31.0484 3652 AVGIDSShim - ok
    15:15:31.0531 3652 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    15:15:31.0562 3652 Avgldx86 - ok
    15:15:31.0578 3652 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    15:15:48.0375 3652 LicCtrlService (29fab5363138f6e322f4cd780ed9d337) C:\WINDOWS\runservice.exe
    15:15:48.0703 3652 LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
    15:15:48.0703 3652 LicCtrlService - detected UnsignedFile.Multi.Generic (1)
    15:16:20.0640 3652 ============================================================
    15:16:20.0640 3652 Scan finished
    15:16:20.0640 3652 ============================================================
    15:16:20.0781 2680 Detected object count: 2
    15:16:20.0781 2680 Actual detected object count: 2
    15:17:01.0921 2680 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
    15:17:01.0921 2680 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:17:01.0937 2680 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
    15:17:01.0937 2680 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    15:18:28.0859 3356 Deinitialize success
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Okay, but as long as you don't use it whilst we're clearing the malware out, then that's fine :)

    Now, you have two antiviruses running. Whilst it may seem a good idea for double the protection, this can slow systems down, and give conflicting results. I would advise you to get rid of one. I prefer Avast over AVG myself, but it's entirely up to you.

    Also, unless it's the paid version of Spybot, I would remove this, as there are other programs that are more up to date (MBAM for example), and you do have SpywareBlaster/Guard running.

    -------

    Your Java is out of date, so let's get that sorted next:


    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5.
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Accept License Agreement.
    • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")



    After doing the above, for the remains of the Java, can you do this:

    Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

    Make sure both of these options are checked:

    • Applications and Applets
    • Trace and Log Files
    OK out of all the screens. :)

    ------

    Plus, your Firefox needs updating. To do that, open Firefox as normal, then at the top in the menus, select Help and then About Firefox. This will say it's updating ;)


    ------------

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  5. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    I only have Avast installed but as you would likely know, AVG is quite clingy so even though it was uninstalled ages ago, some of its remnants are still on the system, that's why it is showing up in the logs.

    I had Spybot mainly for its TeaTimer as additional active-protection but it has been uninstalled nonetheless.

    New versions of Firefox & Java have been installed.





    ComboFix 12-07-04.04 - sachin 07/05/2012 2:21.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.428 [GMT 5.5:30]
    Running from: c:\documents and settings\sachin\Desktop\username123.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\00000001.exe
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\sachin\My Documents\~WRL3991.tmp
    c:\windows\system\WING32.DLL
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\win32
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 18:21 . 2012-07-04 18:21 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\Sun
    2012-07-04 18:16 . 2012-07-04 18:16 -------- d--h--w- c:\windows\PIF
    2012-07-04 15:38 . 2012-07-04 15:38 -------- d-----w- c:\program files\Common Files\Java
    2012-07-04 15:37 . 2012-07-04 15:36 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-04 15:37 . 2012-07-04 15:36 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-04 14:59 . 2012-07-04 14:59 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-07-02 17:39 . 2012-06-28 12:52 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-02 17:39 . 2012-06-28 12:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-02 17:39 . 2012-06-28 12:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-07-02 17:39 . 2012-06-28 12:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-02 17:39 . 2012-06-28 12:52 97352 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-07-02 17:39 . 2012-06-28 12:52 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-07-02 17:39 . 2012-06-28 12:52 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-02 17:39 . 2012-06-28 12:52 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-07-02 17:37 . 2012-06-28 12:52 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-02 17:37 . 2012-06-28 12:51 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-02 17:36 . 2012-07-02 17:36 -------- d-----w- c:\program files\AVAST Software
    2012-07-02 17:36 . 2012-07-02 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-07-02 11:49 . 2012-07-02 11:49 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\panda2_0dn
    2012-07-02 11:12 . 2012-07-02 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
    2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-07-02 11:12 . 2012-07-02 11:12 73728 ----a-r- c:\documents and settings\sachin\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-07-02 10:39 . 2012-07-02 10:39 -------- d-----w- c:\documents and settings\Administrator
    2012-07-02 09:21 . 2012-07-02 09:21 -------- d-----w- c:\documents and settings\sachin\Application Data\Panda Security
    2012-07-02 09:18 . 2012-07-02 11:02 -------- d-----w- c:\program files\Panda Security
    2012-07-02 09:16 . 2012-07-02 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2012-07-02 07:56 . 2012-07-02 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-07-02 05:55 . 2012-07-02 05:55 -------- d-----w- c:\documents and settings\sachin\Application Data\SUPERAntiSpyware.com
    2012-07-02 05:53 . 2012-07-02 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-06-30 14:23 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-06-30 08:26 . 2012-06-30 08:26 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-06-30 08:19 . 2012-06-30 08:19 -------- d-----w- c:\windows\Paltalk Messenger
    2012-06-30 05:29 . 2012-06-30 05:29 -------- d-----w- c:\documents and settings\sachin1\Local Settings\Application Data\Mozilla
    2012-06-14 05:17 . 2012-06-14 05:17 -------- d-----w- c:\documents and settings\sachin\Local Settings\Application Data\APN
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-04 15:36 . 2011-09-09 10:06 687600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-02 09:49 . 2008-04-14 12:00 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 09:49 . 2009-09-12 08:53 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 09:49 . 2009-09-12 08:53 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 09:49 . 2009-09-12 08:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 09:49 . 2008-04-14 12:00 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 09:49 . 2009-11-17 08:30 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 09:49 . 2009-09-12 08:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 09:49 . 2009-09-12 08:53 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 09:49 . 2008-11-09 20:20 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 09:49 . 2008-11-09 20:20 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 09:49 . 2008-04-14 12:00 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 09:49 . 2009-09-12 08:53 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 09:49 . 2009-09-12 08:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 09:48 . 2010-11-25 15:45 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 09:48 . 2010-11-25 15:45 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 09:48 . 2008-12-06 12:14 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2009-06-09 19:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 13:27 . 2009-06-09 19:33 1872128 ----a-w- c:\windows\system32\win32k.sys
    2012-05-13 04:02 . 2012-05-13 04:02 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-13 04:02 . 2011-11-27 10:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2009-06-09 19:33 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:24 . 2009-06-09 19:32 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:41 . 2009-02-06 10:30 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2009-09-12 08:50 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-06-28 12:51 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "d:\soft\NetMeter\New Folder\NetMeter\NetMeter.exe"="d:\soft\NetMeter\New Folder\NetMeter\NetMeter.exe" [2007-08-11 331264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "COMODO Internet Security"="d:\soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-06-28 4273976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\documents and settings\sachin\Start Menu\Programs\Startup\
    SpywareGuard.lnk - d:\soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe [2003-8-29 360448]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\soft\SuperAntiSpyware Free\New Folder\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- d:\soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^sachin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\sachin\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-13 15:35 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-04-13 00:37 69632 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-09-04 20:24 417792 ----a-w- d:\soft\QuickTime\New Folder\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-09-14 12:30 19576424 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
    2011-10-12 14:11 438544 ----a-w- d:\soft\Sandboxie\New Folder\SbieCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
    2011-01-17 19:41 8192 ----a-w- d:\soft\Xvid\New Folder\CheckUpdate.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Soft\\Paltalk\\New Folder\\paltalk.exe"=
    "d:\\Soft\\UTorrent\\New Folder\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "d:\\Soft\\MT5\\New Folder\\metatester.exe"=
    "d:\\Soft\\Opera\\New Folder\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Soft\\Opera\\New Folder\\pluginwrapper\\opera_plugin_wrapper.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "41111:TCP"= 41111:TCP:eMule_TCP
    "42222:UDP"= 42222:UDP:eMule_UDP
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/2/2012 11:09 PM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/2/2012 11:09 PM 353688]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 297168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 242600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 29400]
    R1 SASDIFSV;SASDIFSV;d:\soft\SuperAntiSpyware Free\New Folder\sasdifsv.sys [7/22/2011 9:57 PM 12880]
    R1 SASKUTIL;SASKUTIL;d:\soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS [7/13/2011 3:25 AM 67664]
    R2 !SASCORE;SAS Core Service;d:\soft\SuperAntiSpyware Free\New Folder\SASCore.exe [8/12/2011 5:08 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/2/2012 11:09 PM 21256]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/18/2011 4:43 PM 225592]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:46 PM 135664]
    S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [6/13/2010 2:51 PM 2560]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/13/2012 9:32 AM 257696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/29/2011 9:27 PM 1691480]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 27216]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:46 PM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/4/2012 8:29 PM 113120]
    S3 skbdrv;Encassa CoDefender;c:\windows\system32\DRIVERS\skbdrv.sys --> c:\windows\system32\DRIVERS\skbdrv.sys [?]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]
    .
    2012-07-04 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 12:51]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:16]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 10:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    IE: Download with Mipony - file://d:\soft\MP\New Folder\MiPony\Browser\IEContext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: FVDIEPlugin Add Page - d:\soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM
    TCP: Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\documents and settings\sachin\Application Data\Mozilla\Firefox\Profiles\qoz4grox.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM_ActiveSetup-{0C0FC00D-7248-F10D-0103-060105070400} - c:\windows\system32\scvhost.exe
    HKLM_ActiveSetup-{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} - c:\windows\xplorer.exe
    HKLM_ActiveSetup-{ED794CAD-FE87-2D78-DA3B-220B92CC9877} - c:\windows\system32\win32\svchost.exe
    AddRemove-InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} - c:\program files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe
    AddRemove-{55BABDA1-8A1C-49BB-83B1-7B57B3C81B31} - c:\program files\InstallShield Installation Information\{55BABDA1-8A1C-49BB-83B1-7B57B3C81B31}\setup.exe
    AddRemove-{5A36F069-42F7-4EAF-9389-1AB34DC7EFE1} - c:\program files\InstallShield Installation Information\{5A36F069-42F7-4EAF-9389-1AB34DC7EFE1}\setup.exe
    AddRemove-{494367EC-82A9-4C0D-A788-74A967998E8C} - c:\documents and settings\sachin\Local Settings\Application Data\{CC503FA3-32DE-442D-9DE2-0628DCA6E1F6}\TS2Install.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-05 02:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]
    .
    [HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(832)
    c:\windows\system32\guard32.dll
    d:\soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'lsass.exe'(888)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2012-07-05 02:32:58
    ComboFix-quarantined-files.txt 2012-07-04 21:02
    .
    Pre-Run: 7,261,249,536 bytes free
    Post-Run: 7,787,352,064 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=AlwaysOff
    .
    - - End Of File - - BD2F0AD943C27B11C0AE49AB83AA555F
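A triage check for the `ORPHANS REMOVED` section of the ComboFix log above, added here as an example and not part of the original thread or of ComboFix: it flags orphaned autostart targets whose file name is a one-edit near-miss of a core Windows binary, or a core binary name sitting in the wrong directory. The `EXPECTED_DIR` table and all function names are assumptions made for this example; the sample lines are copied from the log.

```python
import ntpath

# Assumed reference table for this example: default Windows XP locations
# of a few core binaries (lower-case). Extend it for the system at hand.
# Note: protected copies under system32\dllcache would need an allowance.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
}

# Lines copied from the "ORPHANS REMOVED" section of the log above.
ORPHANS_SAMPLE = r"""
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM_ActiveSetup-{0C0FC00D-7248-F10D-0103-060105070400} - c:\windows\system32\scvhost.exe
HKLM_ActiveSetup-{9EC0745F-CAD3-628A-48E9-02B9AFEC8E74} - c:\windows\xplorer.exe
HKLM_ActiveSetup-{ED794CAD-FE87-2D78-DA3B-220B92CC9877} - c:\windows\system32\win32\svchost.exe
AddRemove-InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA} - c:\program files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe
AddRemove-{494367EC-82A9-4C0D-A788-74A967998E8C} - c:\documents and settings\sachin\Local Settings\Application Data\{CC503FA3-32DE-442D-9DE2-0628DCA6E1F6}\TS2Install.exe
"""


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    plus swapping two adjacent characters, each counted as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "scvhost" vs "svchost".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(path):
    """Return ("misplaced", name), ("lookalike", real_name) or None."""
    directory, name = ntpath.split(path.strip().lower())
    if name in EXPECTED_DIR:
        if directory == EXPECTED_DIR[name]:
            return None
        return ("misplaced", name)
    for real in EXPECTED_DIR:
        if osa_distance(name, real) == 1:
            return ("lookalike", real)
    return None


def triage_orphans(log_text):
    """Parse 'entry - target' lines and return the flagged ones as
    (entry, target, kind, reference_name) tuples, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry, sep, target = line.strip().partition(" - ")
        if not sep or target == "(no file)":
            continue  # separators, blank lines, entries with no file
        verdict = classify(target)
        if verdict:
            findings.append((entry, target, *verdict))
    return findings


if __name__ == "__main__":
    for entry, target, kind, ref in triage_orphans(ORPHANS_SAMPLE):
        print(f"{kind:9} {ref:13} {target}  [{entry}]")
```
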
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Okay, for the AVG try this:

    Download AppRemover and run it.

    Click Next >>


    Ensure "Remove Security Application" is selected and click Next >>


    AppRemover will scan all the security applications on your PC

    Select any AVG entries from the applications offered and click Next >> twice.

    Follow any further on-screen instructions. If asked to reboot, please do so.


    ---------------

    Then, can you run this tool:

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      runservice.exe
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  7. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    Upon trying to download AppRemover, I realized that I already had it but downloaded it again & ran it but as expected, AVG didn't show up there; initial list showed Spywareblaster, Malwarebytes & Avast, additional list showed Avast, SuperAntiSpyware & Comodo.

    Just as an update on the situation, since the morning, boot-times seem to have returned to par - taking about a minute or so but the system keeps acting up at regular intervals, regular episodes of missing text in open windows/programs, insufficient resources error-messages, unable to launch programs (at times some programs won't even close), then I have to reboot & everything seems to go back to normal........for a while that is.

    I've been scanning with the security-programs in the hopes that new definitions might catch something useful but all in vain :(




    OTL logfile created on: 7/6/2012 4:08:12 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\sachin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 617.59 Mb Available Physical Memory | 64.43% Memory free
    1.97 Gb Paging File | 1.50 Gb Available in Paging File | 76.21% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 6.51 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
    Drive D: | 25.72 Gb Total Space | 14.14 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
    Drive E: | 29.29 Gb Total Space | 19.70 Gb Free Space | 67.25% Space Free | Partition Type: NTFS

    Computer Name: CHANGEME | User Name: sachin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/06 15:32:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
    PRC - [2012/07/04 21:06:48 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/07/03 21:51:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 21:51:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/10/12 19:41:24 | 000,438,544 | ---- | M] (SANDBOXIE L.T.D) -- D:\Soft\Sandboxie\New Folder\SbieCtrl.exe
    PRC - [2011/10/12 19:41:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- D:\Soft\Sandboxie\New Folder\SbieSvc.exe
    PRC - [2011/08/12 05:08:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Soft\SuperAntiSpyware Free\New Folder\SASCore.exe
    PRC - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2011/06/30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
    PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
    PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgbhp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/06 00:44:14 | 001,781,248 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070501\algo.dll
    MOD - [2010/06/13 14:51:46 | 000,126,976 | ---- | M] () -- C:\WINDOWS\lcmmfu.cpl
    MOD - [2010/06/13 14:51:37 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
    MOD - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
    MOD - [2009/08/16 20:36:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
    MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgbhp.exe
    MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- D:\Soft\SpywareGuard\New Folder\SpywareGuard\spywareguard.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/07/04 21:06:48 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/07/03 21:51:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/06/15 03:50:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/13 09:32:40 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/10/12 19:41:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Soft\Sandboxie\New Folder\SbieSvc.exe -- (SbieSvc)
    SRV - [2011/08/12 05:08:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\SASCore.exe -- (!SASCORE)
    SRV - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
    SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\skbdrv.sys -- (skbdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 21:51:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 21:51:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 21:51:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 21:51:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/07/03 21:51:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/07/03 21:51:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/07/03 21:51:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/10/12 19:41:20 | 000,131,344 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Soft\Sandboxie\New Folder\SbieDrv.sys -- (SbieDrv)
    DRV - [2011/09/14 19:28:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Soft\SuperAntiSpyware Free\New Folder\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/06/30 09:38:16 | 000,097,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
    DRV - [2011/06/30 09:38:14 | 000,242,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/06/30 09:38:14 | 000,029,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/05/25 05:10:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/14 18:00:32 | 006,143,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/04/14 01:35:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2005/08/31 11:12:36 | 001,333,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes,DefaultScope = {741D0FA0-C629-4D31-94DB-70D17669409A}
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{741D0FA0-C629-4D31-94DB-70D17669409A}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{89EE36E5-5532-4949-ACD7-E042B38ED4D1}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Soft\DivX 7\New Folder\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Soft\RealAlternative 2.2\New Folder\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Soft\RealAlternative 2.2\New Folder\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: D:\Soft\VLC\New Folder\VLC\npvlc.dll (the VideoLAN Team)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/06 09:37:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Soft\Firefox\New Folder\components [2012/07/04 20:29:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Soft\Firefox\New Folder\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\sachin\Application Data\IDM\idmmzcc3

    [2012/07/04 20:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sachin\Application Data\Mozilla\Extensions
    [2012/07/05 20:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sachin\Application Data\Mozilla\Firefox\Profiles\qoz4grox.default\extensions

    O1 HOSTS File: ([2012/07/05 02:29:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\dlprotect.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] D:\Soft\Comodo Firewall\New Folder\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe ()
    O4 - Startup: C:\Documents and Settings\sachin\Start Menu\Programs\Startup\SpywareGuard.lnk = D:\Soft\SpywareGuard\New Folder\SpywareGuard\sgmain.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download with Mipony - D:\Soft\MP\New Folder\MiPony\Browser\IEContext.htm ()
    O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM File not found
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Soft\Paltalk\New Folder\paltalk.exe (AVM Software Inc.)
    O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Soft\KeyScrambler\New Folder\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1265444050937 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1265444034125 (MUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8B5D383-FAC6-4F31-A6EB-D5D28E835222}: NameServer = 156.154.70.22,156.154.71.22
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL) - D:\Soft\SuperAntiSpyware Free\New Folder\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\sachin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\sachin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Soft\SuperAntiSpyware Free\New Folder\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - D:\Soft\SpywareGuard\New Folder\SpywareGuard\spywareguard.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/10 20:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -

    MsConfig - StartUpFolder: C:^Documents and Settings^sachin^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
    MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Soft\QuickTime\New Folder\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Soft\Sandboxie\New Folder\SbieCtrl.exe (SANDBOXIE L.T.D)
    MsConfig - StartUpReg: Xvid - hkey= - key= - D:\Soft\Xvid\New Folder\CheckUpdate.exe ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/06 15:31:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
    [2012/07/06 10:54:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sachin\Recent
    [2012/07/06 09:43:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/07/05 02:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/07/05 02:20:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/07/05 02:14:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/05 02:14:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/05 02:14:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/05 02:14:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/05 02:14:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/05 02:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/05 01:25:10 | 004,571,247 | R--- | C] (Swearware) -- C:\Documents and Settings\sachin\Desktop\username123.exe
    [2012/07/04 23:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\Sun
    [2012/07/04 23:46:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/07/04 21:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/07/04 20:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\Mozilla
    [2012/07/04 20:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/07/04 20:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/07/04 15:00:38 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sachin\Desktop\tdsskiller.exe
    [2012/07/04 11:59:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\sachin\Desktop\aswMBR.exe
    [2012/07/03 23:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
    [2012/07/02 23:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/07/02 23:09:23 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/07/02 23:09:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/07/02 23:09:20 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/07/02 23:09:19 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/07/02 23:09:18 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/07/02 23:09:18 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/07/02 23:09:18 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/07/02 23:09:17 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/07/02 23:07:32 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/07/02 23:07:30 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/07/02 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/02 23:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/07/02 17:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\panda2_0dn
    [2012/07/02 17:08:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\sachin\Desktop\HijackThis.exe
    [2012/07/02 16:52:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\sachin\Desktop\dds.scr
    [2012/07/02 16:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
    [2012/07/02 16:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Start Menu\Programs\Sophos
    [2012/07/02 14:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\Panda Security
    [2012/07/02 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2012/07/02 14:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2012/07/02 13:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/07/02 11:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Application Data\SUPERAntiSpyware.com
    [2012/07/02 11:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/02 11:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2012/06/30 18:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2012/06/30 13:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Paltalk Messenger
    [2012/06/30 13:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Start Menu\Programs\Paltalk Messenger
    [2012/06/14 10:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sachin\Local Settings\Application Data\APN
    [2012/06/12 13:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HotForex MetaTrader

    ========== Files - Modified Within 30 Days ==========

    [2012/07/06 16:00:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/06 15:49:24 | 000,059,684 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\AR.JPG
    [2012/07/06 15:48:10 | 001,157,346 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\AR.bmp
    [2012/07/06 15:32:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sachin\Desktop\OTL.exe
    [2012/07/06 11:59:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/06 10:58:05 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/07/06 10:56:47 | 000,000,833 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
    [2012/07/06 10:56:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/06 09:37:08 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/07/05 02:29:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/05 02:20:11 | 000,000,331 | RHS- | M] () -- C:\boot.ini
    [2012/07/05 01:42:25 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\Sophos Virus Removal Tool.lnk
    [2012/07/05 01:26:20 | 004,571,247 | R--- | M] (Swearware) -- C:\Documents and Settings\sachin\Desktop\username123.exe
    [2012/07/04 23:47:30 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\Shortcut to rkill.pif
    [2012/07/04 20:29:41 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/04 15:14:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/07/04 15:13:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\MBR.dat
    [2012/07/04 15:03:31 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sachin\Desktop\tdsskiller.exe
    [2012/07/04 12:26:21 | 000,136,192 | ---- | M] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/04 12:01:31 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\sachin\Desktop\aswMBR.exe
    [2012/07/04 11:53:51 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\SecurityCheck.exe
    [2012/07/04 00:43:46 | 000,001,436 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
    [2012/07/03 23:22:48 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012/07/03 21:51:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/07/03 21:51:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/07/03 21:51:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/07/03 21:51:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/07/03 21:51:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/07/03 21:51:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/07/03 21:51:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/07/03 21:51:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/07/03 21:51:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/07/03 21:51:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/07/02 23:09:24 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/07/02 21:00:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/07/02 17:09:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe
    [2012/07/02 17:09:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\sachin\Desktop\HijackThis.exe
    [2012/07/02 16:53:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\sachin\Desktop\dds.scr
    [2012/07/02 16:28:47 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/07/02 13:05:26 | 000,001,214 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/07/02 11:23:12 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/01 17:09:37 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera 12.00 1467.lnk
    [2012/06/30 20:37:54 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/06/30 20:30:57 | 000,664,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/06/30 20:30:57 | 000,139,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/06/30 14:02:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/06/29 12:54:04 | 000,003,924 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.ex4
    [2012/06/29 12:41:46 | 000,002,777 | ---- | M] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.mq4
    [2012/06/12 13:21:39 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HotForex MetaTrader.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/06 15:49:24 | 000,059,684 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\AR.JPG
    [2012/07/06 15:48:10 | 001,157,346 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\AR.bmp
    [2012/07/05 02:20:11 | 000,000,215 | ---- | C] () -- C:\Boot.bak
    [2012/07/05 02:20:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/07/05 02:14:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/05 02:14:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/05 02:14:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/05 02:14:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/05 02:14:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/04 23:47:30 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\Shortcut to rkill.pif
    [2012/07/04 20:29:41 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/07/04 20:29:41 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2012/07/04 15:13:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\MBR.dat
    [2012/07/04 11:51:41 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\SecurityCheck.exe
    [2012/07/03 23:25:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sachin\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012/07/03 23:25:27 | 000,001,436 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
    [2012/07/03 00:45:40 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/07/02 23:09:24 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/07/02 17:09:26 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\7oqmz2h1.exe
    [2012/07/02 16:42:09 | 000,002,405 | ---- | C] () -- C:\Documents and Settings\sachin\Desktop\Sophos Virus Removal Tool.lnk
    [2012/07/02 16:28:46 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/07/02 11:23:12 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/01 17:09:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera 12.00 1467.lnk
    [2012/07/01 17:09:37 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera 12.00 1467.lnk
    [2012/06/29 12:49:27 | 000,003,924 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.ex4
    [2012/06/29 12:41:46 | 000,002,777 | ---- | C] () -- C:\Documents and Settings\sachin\My Documents\IND_Monitoring-Spread.mq4
    [2012/06/12 13:21:39 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HotForex MetaTrader.lnk
    [2012/05/14 19:39:39 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2012/05/14 19:39:38 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2012/02/16 23:29:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/10/02 09:40:30 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\WebpageIcons.db
    [2011/10/01 18:18:13 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2011/09/29 22:28:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
    [2011/09/25 09:27:03 | 000,001,214 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(6).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(5).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(9).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(8).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(7).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(6).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(9).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(15).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(14).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(13).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(12).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(11).sys
    [2011/04/18 13:17:31 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(10).sys
    [2011/04/12 18:02:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/08 00:47:34 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(8).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(4).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(4).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(2).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(5).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(4).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(2).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(5).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(3).sys
    [2011/03/31 13:13:36 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(9)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(8)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(3).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(6)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(3).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(5)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(4)(3).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(3)(3).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(7).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(6).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(2)(4).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(12)(2).sys
    [2011/03/30 15:57:30 | 000,000,833 | -HS- | C] () -- C:\WINDOWS\System32\mmf(10)(2).sys
    [2010/07/15 17:31:08 | 000,137,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/09/12 13:13:05 | 000,136,192 | ---- | C] () -- C:\Documents and Settings\sachin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2012/07/02 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2011/11/30 15:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2012/07/02 23:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2010/11/26 11:12:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/04/02 16:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2011/10/01 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/10/27 17:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetaQuotes
    [2011/05/13 18:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2012/07/02 16:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2011/09/16 17:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
    [2012/07/02 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
    [2012/07/06 15:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/12/02 13:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
    [2009/09/13 10:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/06/13 14:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Childish Things
    [2011/09/02 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\DMCache
    [2009/11/21 19:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\eSobi
    [2011/10/27 15:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\FVDIEPlugin
    [2011/11/18 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\IObit
    [2011/11/27 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\LimeWire
    [2012/04/09 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\MetaQuotes
    [2011/07/24 19:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Mipony
    [2011/05/13 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Nitro PDF
    [2012/07/01 17:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Opera
    [2009/10/20 16:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Paltalk
    [2012/07/02 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\Panda Security
    [2010/12/25 23:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\ProgSense
    [2011/09/16 17:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\QFX Software
    [2011/10/19 08:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\SystemRequirementsLab
    [2009/12/22 22:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\TeamViewer
    [2012/07/02 16:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\uTorrent
    [2012/07/06 10:58:05 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >
    [2012/07/05 02:20:11 | 000,000,000 | RHSD | M] -- C:\cmdcons
    [2012/07/04 21:08:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
    [2012/07/02 16:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings
    [2011/09/22 15:15:25 | 000,000,000 | ---D | M] -- C:\Downloads
    [2009/09/17 00:10:02 | 000,000,000 | ---D | M] -- C:\Dů
    [2012/07/02 11:40:52 | 000,000,000 | ---D | M] -- C:\Extracted
    [2011/10/19 11:29:08 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
    [2009/09/12 15:12:50 | 000,000,000 | R--D | M] -- C:\MSOCache
    [2012/07/04 20:29:38 | 000,000,000 | R--D | M] -- C:\Program Files
    [2012/07/05 02:33:02 | 000,000,000 | ---D | M] -- C:\Qoobox
    [2012/07/06 09:43:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER
    [2011/09/30 22:12:27 | 000,000,000 | R--D | M] -- C:\Sandbox
    [2011/10/29 21:26:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
    [2012/07/02 14:46:26 | 000,000,000 | ---D | M] -- C:\temp
    [2011/10/30 19:38:02 | 000,000,000 | ---D | M] -- C:\TempEI4
    [2012/07/06 15:44:30 | 000,000,000 | ---D | M] -- C:\WINDOWS

    < %PROGRAMFILES%\*.exe >
    Invalid Environment Variable: LOCALAPPDATA

    < %windir%\Installer\*.* >
    [2011/04/27 10:05:34 | 003,446,272 | ---- | M] () -- C:\WINDOWS\Installer\5ce74d.msi
    [2011/07/29 13:54:41 | 000,019,968 | ---- | M] () -- C:\WINDOWS\Installer\60e7f.msi
    [2010/12/25 14:41:34 | 003,065,856 | ---- | M] () -- C:\WINDOWS\Installer\6587a.msi
    [2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\WINDOWS\Installer\68120.msp
    [2011/01/11 17:53:56 | 001,763,328 | R--- | M] () -- C:\WINDOWS\Installer\69bdf.msp
    [2009/08/18 13:08:34 | 001,373,696 | R--- | M] () -- C:\WINDOWS\Installer\6b9a59.msp
    [2009/07/27 04:31:24 | 003,738,624 | R--- | M] () -- C:\WINDOWS\Installer\6b9a71.msp
    [2009/08/18 12:50:38 | 012,022,272 | R--- | M] () -- C:\WINDOWS\Installer\6b9a95.msp
    [2009/08/05 07:49:32 | 003,457,024 | R--- | M] () -- C:\WINDOWS\Installer\6b9aaf.msp
    [2009/10/16 07:03:20 | 005,003,776 | R--- | M] () -- C:\WINDOWS\Installer\6b9ac7.msp
    [2009/08/18 12:57:54 | 009,122,304 | R--- | M] () -- C:\WINDOWS\Installer\6b9adf.msp
    [2009/08/18 12:58:56 | 008,301,056 | R--- | M] () -- C:\WINDOWS\Installer\6b9af7.msp
    [2012/03/20 23:57:14 | 006,188,544 | R--- | M] () -- C:\WINDOWS\Installer\6c6617.msp
    [2012/04/25 19:32:24 | 007,069,184 | R--- | M] () -- C:\WINDOWS\Installer\6c6621.msp
    [2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\WINDOWS\Installer\6c6629.msp
    [2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\WINDOWS\Installer\6c6631.msp
    [2012/04/21 21:55:38 | 000,980,480 | R--- | M] () -- C:\WINDOWS\Installer\6c6639.msp
    [2012/05/30 07:17:06 | 005,010,432 | R--- | M] () -- C:\WINDOWS\Installer\6c6650.msp
    [2011/08/09 10:49:23 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\6d792.msi
    [2010/12/28 20:47:55 | 003,144,704 | ---- | M] () -- C:\WINDOWS\Installer\71ce4f.msi
    [2009/10/26 21:39:58 | 001,549,312 | ---- | M] () -- C:\WINDOWS\Installer\766133.msi
    [2009/10/26 21:40:27 | 000,694,272 | ---- | M] () -- C:\WINDOWS\Installer\76613a.msi
    [2009/10/26 21:41:51 | 009,013,760 | ---- | M] () -- C:\WINDOWS\Installer\76613e.msi
    [2011/07/27 07:42:04 | 004,985,856 | R--- | M] () -- C:\WINDOWS\Installer\77c97.msp
    [2011/05/02 00:06:16 | 002,705,920 | R--- | M] () -- C:\WINDOWS\Installer\77ca0.msp
    [2011/03/31 09:12:49 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\7cbaa.msi
    [2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\WINDOWS\Installer\843fdb.msp
    [2011/03/28 03:27:52 | 015,456,256 | R--- | M] () -- C:\WINDOWS\Installer\843fe9.msp
    [2009/04/14 03:22:08 | 019,840,000 | R--- | M] () -- C:\WINDOWS\Installer\88b0b5.msp
    [2009/04/14 03:20:06 | 009,573,376 | R--- | M] () -- C:\WINDOWS\Installer\88b0bf.msp
    [2009/04/14 04:51:24 | 001,303,040 | R--- | M] () -- C:\WINDOWS\Installer\88b0c9.msp
    [2009/04/14 04:49:26 | 001,922,560 | R--- | M] () -- C:\WINDOWS\Installer\88b0d2.msp
    [2009/04/14 04:18:14 | 009,684,480 | R--- | M] () -- C:\WINDOWS\Installer\88b0dc.msp
    [2009/04/14 04:50:22 | 005,191,680 | R--- | M] () -- C:\WINDOWS\Installer\88b0e6.msp
    [2009/04/14 04:56:18 | 020,498,944 | R--- | M] () -- C:\WINDOWS\Installer\88b0f0.msp
    [2009/05/07 09:04:06 | 018,341,376 | R--- | M] () -- C:\WINDOWS\Installer\88b0fa.msp
    [2009/04/14 04:21:34 | 015,303,168 | R--- | M] () -- C:\WINDOWS\Installer\88b104.msp
    [2009/04/14 03:46:12 | 015,438,848 | R--- | M] () -- C:\WINDOWS\Installer\88b10e.msp
    [2011/01/11 17:52:58 | 003,360,768 | R--- | M] () -- C:\WINDOWS\Installer\9109c9.msp
    [2011/02/24 15:15:46 | 011,551,232 | R--- | M] () -- C:\WINDOWS\Installer\93dbda.msp
    [2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\WINDOWS\Installer\93dbf2.msp
    [2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\WINDOWS\Installer\93dc0a.msp
    [2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\WINDOWS\Installer\93dc22.msp
    [2011/02/11 20:47:00 | 012,028,928 | R--- | M] () -- C:\WINDOWS\Installer\93dc2f.msp
    [2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\WINDOWS\Installer\93dc48.msp
    [2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\WINDOWS\Installer\93dc60.msp
    [2011/03/17 20:05:24 | 004,989,440 | R--- | M] () -- C:\WINDOWS\Installer\93dc78.msp
    [2011/03/12 17:41:39 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\94d39.msi
    [2011/06/24 13:28:59 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\969ca.msi
    [2011/08/13 22:05:36 | 001,565,696 | ---- | M] () -- C:\WINDOWS\Installer\97e71.msi
    [2011/08/05 11:45:29 | 003,489,280 | ---- | M] () -- C:\WINDOWS\Installer\9f81b.msi
    [2011/03/30 09:19:09 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\a1aea.msi
    [2011/10/02 15:12:01 | 008,761,856 | ---- | M] () -- C:\WINDOWS\Installer\ad246.msi
    [2009/09/15 12:29:44 | 000,432,640 | ---- | M] () -- C:\WINDOWS\Installer\ad7b38.msi
    [2009/04/04 10:14:58 | 001,094,656 | R--- | M] () -- C:\WINDOWS\Installer\ad7b44.msp
    [2009/04/04 11:36:32 | 021,390,848 | R--- | M] () -- C:\WINDOWS\Installer\ad7b45.msp
    [2009/04/04 17:09:34 | 015,190,016 | R--- | M] () -- C:\WINDOWS\Installer\ad7b66.msp
    [2009/04/04 17:08:40 | 343,058,432 | R--- | M] () -- C:\WINDOWS\Installer\ad7d1a.msp
    [2009/04/04 17:10:08 | 009,926,144 | R--- | M] () -- C:\WINDOWS\Installer\ad7d26.msp
    [2009/04/04 17:10:16 | 007,888,384 | R--- | M] () -- C:\WINDOWS\Installer\ad7d31.msp
    [2009/04/04 17:10:24 | 001,282,560 | R--- | M] () -- C:\WINDOWS\Installer\ad7d3a.msp
    [2009/09/15 12:41:16 | 000,248,832 | ---- | M] () -- C:\WINDOWS\Installer\ad7d42.msi
    [2009/09/15 12:41:55 | 000,119,296 | ---- | M] () -- C:\WINDOWS\Installer\ad7d49.msi
    [2009/08/18 12:56:58 | 005,020,672 | R--- | M] () -- C:\WINDOWS\Installer\ad7d60.msp
    [2011/01/18 23:36:00 | 002,687,488 | R--- | M] () -- C:\WINDOWS\Installer\af857f.msp
    [2011/07/11 17:19:28 | 010,619,904 | R--- | M] () -- C:\WINDOWS\Installer\b038a8.msp
    [2011/04/13 11:37:02 | 019,201,024 | R--- | M] () -- C:\WINDOWS\Installer\b038b1.msp
    [2011/12/26 05:06:20 | 005,115,392 | R--- | M] () -- C:\WINDOWS\Installer\b038b9.msp
    [2011/10/26 15:38:54 | 002,830,848 | R--- | M] () -- C:\WINDOWS\Installer\b038c1.msp
    [2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\WINDOWS\Installer\b33651.msp
    [2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\WINDOWS\Installer\b33669.msp
    [2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\WINDOWS\Installer\b33685.msp
    [2011/12/08 19:24:04 | 004,989,952 | R--- | M] () -- C:\WINDOWS\Installer\b4d2db.msp
    [2008/12/13 10:21:36 | 010,473,472 | R--- | M] () -- C:\WINDOWS\Installer\b595f.msp
    [2008/12/13 09:58:22 | 000,754,688 | R--- | M] () -- C:\WINDOWS\Installer\b596c.msp
    [2012/07/04 21:06:41 | 000,863,744 | ---- | M] () -- C:\WINDOWS\Installer\b7a2ed.msi
    [2012/07/04 21:08:14 | 000,176,128 | ---- | M] () -- C:\WINDOWS\Installer\b7a2f4.msi
    [2011/06/03 11:51:55 | 003,485,696 | ---- | M] () -- C:\WINDOWS\Installer\b8ff1.msi
    [2010/05/19 13:08:52 | 011,408,896 | R--- | M] () -- C:\WINDOWS\Installer\b9a5ac.msp
    [2011/03/31 08:58:05 | 001,615,360 | ---- | M] () -- C:\WINDOWS\Installer\c61cc.msi
    [2010/10/08 22:07:04 | 011,559,424 | R--- | M] () -- C:\WINDOWS\Installer\cc0629.msp
    [2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\WINDOWS\Installer\cc0641.msp
    [2010/11/20 23:35:20 | 003,359,744 | R--- | M] () -- C:\WINDOWS\Installer\cc0659.msp
    [2010/10/21 18:10:00 | 003,995,136 | R--- | M] () -- C:\WINDOWS\Installer\cc0675.msp
    [2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\WINDOWS\Installer\d6a3c7.msp
    [2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\WINDOWS\Installer\d6a3e4.msp
    [2011/09/15 23:05:54 | 001,411,072 | R--- | M] () -- C:\WINDOWS\Installer\d9a98a.msp
    [2011/09/15 23:07:52 | 034,428,416 | R--- | M] () -- C:\WINDOWS\Installer\d9a98b.msp
    [2011/09/15 23:07:28 | 016,691,712 | R--- | M] () -- C:\WINDOWS\Installer\d9a9a7.msp
    [2011/09/15 23:04:54 | 428,804,608 | R--- | M] () -- C:\WINDOWS\Installer\d9abd6.msp
    [2011/09/15 23:08:04 | 010,838,528 | R--- | M] () -- C:\WINDOWS\Installer\d9abe2.msp
    [2011/09/15 23:09:22 | 011,163,136 | R--- | M] () -- C:\WINDOWS\Installer\d9abef.msp
    [2011/09/15 23:10:36 | 007,959,552 | R--- | M] () -- C:\WINDOWS\Installer\d9abfa.msp
    [2011/07/12 15:50:24 | 017,555,968 | R--- | M] () -- C:\WINDOWS\Installer\df6108.msp
    [2011/07/11 20:43:20 | 011,641,344 | R--- | M] () -- C:\WINDOWS\Installer\df6114.msp
    [2010/12/28 11:37:06 | 001,572,352 | ---- | M] () -- C:\WINDOWS\Installer\e42a2.msi
    [2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\WINDOWS\Installer\e8a45c.msp
    [2010/09/17 06:06:50 | 003,355,648 | R--- | M] () -- C:\WINDOWS\Installer\e8a474.msp
    [2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\WINDOWS\Installer\e8a48c.msp
    [2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\WINDOWS\Installer\e8a4a4.msp
    [2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\WINDOWS\Installer\e8a4bd.msp
    [2010/09/23 07:39:44 | 004,265,472 | R--- | M] () -- C:\WINDOWS\Installer\e8a4c9.msp
    [2010/09/23 21:02:28 | 000,798,208 | R--- | M] () -- C:\WINDOWS\Installer\e8a4d2.msp
    [2010/09/24 07:08:50 | 017,518,080 | R--- | M] () -- C:\WINDOWS\Installer\e8a4ec.msp
    [2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\WINDOWS\Installer\f2f097.msp
    [2010/10/21 18:12:42 | 003,359,744 | R--- | M] () -- C:\WINDOWS\Installer\f2f0af.msp
    [2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\WINDOWS\Installer\f2f0c7.msp
    [2012/07/03 23:17:54 | 000,947,024 | ---- | M] (SANDBOXIE L.T.D) -- C:\WINDOWS\Installer\SandboxieInstall32.exe
    [2012/06/30 20:27:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
    [2010/08/04 17:08:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %windir%\system32\tasks\*.* >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
    [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: REGEDIT.EXE >
    [2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\erdnt\cache\regedit.exe
    [2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
    [2008/04/14 17:30:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\system32\dllcache\regedit.exe

    < MD5 for: RUNSERVICE.EXE >
    [2010/06/13 14:51:35 | 000,002,560 | ---- | M] () MD5=29FAB5363138F6E322F4CD780ED9D337 -- C:\WINDOWS\Runservice.exe

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
    [2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/14 17:30:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
    [2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2008/04/14 17:30:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
    [2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/14 17:30:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < C:\Windows\assembly\tmp\U\*.* /s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < type c:\diskreport.txt /c >
    Microsoft DiskPart version 5.1.3565
    Copyright (C) 1999-2003 Microsoft Corporation.
    On computer: CHANGEME
    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    Volume 0     F                       DVD-ROM         0 B
    Volume 1     C                NTFS   Partition     20 GB  Healthy    System
    Volume 2     D                NTFS   Partition     26 GB  Healthy
    Volume 3     E                NTFS   Partition     29 GB  Healthy

    ========== Files - Unicode (All) ==========
    [2010/11/06 13:29:31 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#65533;&#602;
    [2010/11/06 13:29:31 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#65533;&#602;

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >





    OTL Extras logfile created on: 7/6/2012 4:08:12 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\sachin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    958.48 Mb Total Physical Memory | 617.59 Mb Available Physical Memory | 64.43% Memory free
    1.97 Gb Paging File | 1.50 Gb Available in Paging File | 76.21% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19.53 Gb Total Space | 6.51 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
    Drive D: | 25.72 Gb Total Space | 14.14 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
    Drive E: | 29.29 Gb Total Space | 19.70 Gb Free Space | 67.25% Space Free | Partition Type: NTFS

    Computer Name: CHANGEME | User Name: sachin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- D:\Soft\Opera\New Folder\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- D:\Soft\Firefox\New Folder\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "D:\Soft\VLC\New Folder\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "D:\Soft\VLC\New Folder\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "41111:TCP" = 41111:TCP:*:Enabled:eMule_TCP
    "42222:UDP" = 42222:UDP:*:Enabled:eMule_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Soft\Paltalk\New Folder\paltalk.exe" = D:\Soft\Paltalk\New Folder\paltalk.exe:*:Enabled:paltalkScene -- (AVM Software Inc.)
    "D:\Soft\UTorrent\New Folder\uTorrent.exe" = D:\Soft\UTorrent\New Folder\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "D:\Soft\MT5\New Folder\metatester.exe" = D:\Soft\MT5\New Folder\metatester.exe:*:Enabled:MetaTrader 5 Strategy Tester Agent -- (MetaQuotes Software Corp.)
    "D:\Soft\Opera\New Folder\opera.exe" = D:\Soft\Opera\New Folder\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "D:\Soft\Opera\New Folder\pluginwrapper\opera_plugin_wrapper.exe" = D:\Soft\Opera\New Folder\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ArtMoney SE_is1" = ArtMoney SE v7.33
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "Broco Trader 5" = Broco Trader 5
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Forex4you Terminal" = Forex4you Terminal
    "GOM Player" = GOM Player
    "HotForex MetaTrader" = HotForex MetaTrader
    "ie8" = Windows Internet Explorer 8
    "KeyScrambler" = KeyScrambler
    "Logitech Resource Center" = Logitech Resource Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MetaTrader - EXNESS" = MetaTrader - EXNESS
    "MetaTrader - One Financial" = MetaTrader - One Financial
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MiPony" = MiPony 1.3.0
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NetMeter_is1" = NetMeter 1.1.3
    "Opera 12.00.1467" = Opera 12.00
    "PalTalk8.2" = Paltalk Messenger
    "RealAlt_is1" = Real Alternative 2.0.2
    "Recuva" = Recuva
    "rFactor" = rFactor (remove only)
    "Roadrash 955.3.2.0" = Roadrash 95
    "Sandboxie" = Sandboxie 3.60 (32-bit)
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "SpywareGuard_is1" = SpywareGuard v2.2
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 0.9.9
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xvid Video Codec 1.3.2" = Xvid Video Codec
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 20 Event Log Errors ==========

    [ OSession Events ]
    Error - 12/14/2011 2:42:39 AM | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2990
    seconds with 1020 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/4/2012 4:51:30 PM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
    Description = The LicCtrl Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/5/2012 2:46:33 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/5/2012 6:25:40 AM | Computer Name = CHANGEME | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000009A'
    while processing the file 'lastprofile.ini' on the volume 'HarddiskVolume2'. It
    has stopped monitoring the volume.

    Error - 7/5/2012 6:36:36 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/5/2012 8:58:29 AM | Computer Name = CHANGEME | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000009A'
    while processing the file 'lastparameters.ini' on the volume 'HarddiskVolume2'.
    It has stopped monitoring the volume.

    Error - 7/5/2012 9:10:38 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/6/2012 12:01:05 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/6/2012 12:18:20 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/6/2012 1:21:08 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 7/6/2012 1:26:54 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon


    < End of report >
     
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Okay, can you uninstall this via Add/Remove Programs:

    NetMeter 1.1.3

    -----------

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\skbdrv.sys -- (skbdrv)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
      DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
      DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
      DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
      DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys -- (catchme)
      DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
      DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
      DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
      DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
      DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
      DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
      DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
      DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
      IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
      FF - user.js - File not found
      FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
      FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
      O3 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: FVDIEPlugin Add Page - res://D:\Soft\FLASHD~1\NEWFOL~1\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM File not found
      O4 - HKU\S-1-5-21-1644491937-1229272821-1177238915-1003..\Run: [D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe] D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe ()
      PRC - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
      MOD - [2007/08/11 19:20:00 | 000,331,264 | ---- | M] () -- D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe
      ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
      [2011/11/18 16:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sachin\Application Data\IObit
      @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      :Files
      C:\WINDOWS\System32\mmf*.sys
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.



    -----------------------------
    Do you know what this folder is?

    C:\Dů

    If not, we'll have a look at it later.

    eddie
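
Added example, not part of the original posts and not code from OTL or its author: the Event ID 7026 errors in the Extras log earlier in the thread name the same two boot-start drivers that the fix above lists as "File not found". The Python sketch below cross-references the two log formats to flag driver services that are still registered but have no file on disk. The sample input is constructed from lines shown in this thread, and all function names are hypothetical.

```python
import re
from collections import Counter

# Header line of one entry in OTL's "Last 20 Event Log Errors" section.
EVENT_HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# One "DRV -" line of an OTL scan; the path may be empty ("-- -- (Name)").
DRV_LINE = re.compile(
    r"^DRV - (?P<meta>File not found|\[[^\]]*\].*?)"
    r" \[(?P<type>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\]"
    r" -- (?P<path>.*?) ?-- \((?P<name>[^)]+)\)$"
)

# Constructed sample input, in the shape of the log lines posted in this thread.
EVENT_LOG = r"""
[ System Events ]
Error - 7/4/2012 4:51:30 PM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The LicCtrl Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/5/2012 2:46:33 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/5/2012 6:25:40 AM | Computer Name = CHANGEME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'lastprofile.ini' on the volume 'HarddiskVolume2'. It
has stopped monitoring the volume.

Error - 7/5/2012 6:36:36 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 7/5/2012 9:10:38 AM | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon
"""

DRV_LINES = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
"""


def parse_events(text):
    """Split the event section into entries, joining wrapped description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = EVENT_HEADER.match(line)
        if header:
            current = {"when": header["when"], "source": header["source"],
                       "id": int(header["id"]), "description": ""}
            events.append(current)
        elif not line:
            current = None  # a blank line ends the entry
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def failed_boot_drivers(events):
    """Count how often each driver is named in Service Control Manager event 7026."""
    counts, marker = Counter(), "failed to load:"
    for ev in events:
        if (ev["source"] == "Service Control Manager" and ev["id"] == 7026
                and marker in ev["description"]):
            counts.update(ev["description"].split(marker, 1)[1].split())
    return counts


def parse_drivers(text):
    """Map lower-cased service name -> details for every DRV line."""
    drivers = {}
    for raw in text.splitlines():
        m = DRV_LINE.match(raw.strip())
        if m:
            drivers[m["name"].lower()] = {
                "path": m["path"], "start": m["start"], "state": m["state"],
                "file_found": m["meta"] != "File not found",
            }
    return drivers


def orphaned_load_failures(event_text, drv_text):
    """Drivers that fail to load at boot AND whose file the scan could not find."""
    failures = failed_boot_drivers(parse_events(event_text))
    drivers = parse_drivers(drv_text)
    findings = []
    for name in sorted(failures):
        drv = drivers.get(name.lower())
        if drv and not drv["file_found"]:
            findings.append((name, failures[name], drv["start"], drv["path"]))
    return findings


if __name__ == "__main__":
    for name, count, start, path in orphaned_load_failures(EVENT_LOG, DRV_LINES):
        print(f"{name}: {count} load failure(s), start type {start}, missing file {path}")
```
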
     
  9. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    Netmeter was uninstalled.

    I closed everything & ran OTL but it popped a notepad already, I closed the notepad & ran OTL again, this time it opened & the fix was run as directed, it asked for a reboot, upon logging back in, OTL wished to run again but I selected Cancel & proceeded to open the Log & was surprised to realize that it resembled the notepad that had popped up a little while back :confused:


    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\sachin\Desktop\cmd.bat not found!

    PendingFileRenameOperations files...
    File C:\Documents and Settings\sachin\Desktop\cmd.bat not found!

    Registry entries deleted on Reboot...


    ----------------------------------------------

    Another weird thing that has occurred is that one of these cleaning-programs cleaned up Winamp, therefore all the audio-files' icons changed to Windows Media Player but interestingly enough, upon a double-click, they were trying to open within Sandboxie's sandbox, a little bemused, I right-clicked & realized that for some reason the first option was "Run Sandboxed" & the regular "Open" option was missing :confused:

    I have no idea what C:\Dů is! It seems to resemble the user-account-folders found in Documents & Settings folder because C:\Dů has 2 folders in it, named Application Data & Local Settings, former is empty while the latter has a folder named Temporary Internet Files in it, which is also empty.
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    As you pressed cancel after rebooting, some of the entries I posted in the fix may not have been removed properly. As you have copied/pasted the log, it said this:

    Registry entries deleted on Reboot...

    So, if you press cancel, it won't do that step.

    Can you re-scan with OTL again, like you did at the very beginning, and I'll see if any need to be removed still. Only the one log will appear ;)

    ---
    That's strange, as my fix didn't touch Winamp, or any file associations :confused:

    When you right-click on the audio file, do you have the option Open With?

    If so, select Choose Default or Browse, then navigate to the Winamp folder in Program Files, select Winamp.exe, and click Open. Make sure the box is ticked to Always use this Program.... Apply and OK.

    ------

    As for that other folder, let's have a deeper look, plus there is something else I want to look at :)

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Dů /sub
      C:\WINDOWS\System32\&#65533;&#602; /sub
      :file
      C:\WINDOWS\System32\&#65533;&#602;
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  11. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    Well, I didn't run the scan with OTL because the moment I double-clicked on OTL to run it, the following log popped up & looking at it, I thought this is the one you were expecting to see.





    All processes killed
    ========== OTL ==========
    Service HidServ stopped successfully!
    Service HidServ deleted successfully!
    File %SystemRoot%\System32\hidserv.dll not found.
    Service WDICA stopped successfully!
    Service WDICA deleted successfully!
    Service TfSysMon stopped successfully!
    Service TfSysMon deleted successfully!
    File system32\drivers\TfSysMon.sys not found.
    Service TfNetMon stopped successfully!
    Service TfNetMon deleted successfully!
    File C:\WINDOWS\system32\drivers\TfNetMon.sys not found.
    Service TfFsMon stopped successfully!
    Service TfFsMon deleted successfully!
    File system32\drivers\TfFsMon.sys not found.
    Service skbdrv stopped successfully!
    Service skbdrv deleted successfully!
    File system32\DRIVERS\skbdrv.sys not found.
    Service PDRFRAME stopped successfully!
    Service PDRFRAME deleted successfully!
    Service PDRELI stopped successfully!
    Service PDRELI deleted successfully!
    Service PDFRAME stopped successfully!
    Service PDFRAME deleted successfully!
    Service PDCOMP stopped successfully!
    Service PDCOMP deleted successfully!
    Service PCIDump stopped successfully!
    Service PCIDump deleted successfully!
    Service mcdbus stopped successfully!
    Service mcdbus deleted successfully!
    File system32\DRIVERS\mcdbus.sys not found.
    Service lbrtfdc stopped successfully!
    Service lbrtfdc deleted successfully!
    Service i2omgmt stopped successfully!
    Service i2omgmt deleted successfully!
    Service Changer stopped successfully!
    Service Changer deleted successfully!
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\sachin\LOCALS~1\Temp\catchme.sys not found.
    Service AVGIDSDriver stopped successfully!
    Service AVGIDSDriver deleted successfully!
    C:\WINDOWS\system32\drivers\AVGIDSDriver.sys moved successfully.
    Error: Unable to stop service Avgtdix!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix deleted successfully.
    C:\WINDOWS\system32\drivers\avgtdix.sys moved successfully.
    Error: Unable to stop service Avgrkx86!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgrkx86 deleted successfully.
    C:\WINDOWS\system32\drivers\avgrkx86.sys moved successfully.
    Service Avgmfx86 stopped successfully!
    Service Avgmfx86 deleted successfully!
    C:\WINDOWS\system32\drivers\avgmfx86.sys moved successfully.
    Error: Unable to stop service AVGIDSEH!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSEH deleted successfully.
    C:\WINDOWS\system32\drivers\AVGIDSEH.sys moved successfully.
    Service AVGIDSShim stopped successfully!
    Service AVGIDSShim deleted successfully!
    C:\WINDOWS\system32\drivers\AVGIDSShim.sys moved successfully.
    Service AVGIDSFilter stopped successfully!
    Service AVGIDSFilter deleted successfully!
    C:\WINDOWS\system32\drivers\AVGIDSFilter.sys moved successfully.
    Service Avgldx86 stopped successfully!
    Service Avgldx86 deleted successfully!
    C:\WINDOWS\system32\drivers\avgldx86.sys moved successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\FVDIEPlugin Add Page\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1644491937-1229272821-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe not found.
    D:\Soft\NetMeter\New Folder\NetMeter\NetMeter.exe moved successfully.
    No active process named NetMeter.exe was found!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\ not found.
    C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller\Log folder moved successfully.
    C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller\Language folder moved successfully.
    C:\Documents and Settings\sachin\Application Data\IObit\IObit Uninstaller folder moved successfully.
    C:\Documents and Settings\sachin\Application Data\IObit folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== FILES ==========
    C:\WINDOWS\System32\mmf(10)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(12)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(10).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(11).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(12).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(13).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(14).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(15).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(3).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(4).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(5).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(6).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(7).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(8).sys moved successfully.
    C:\WINDOWS\System32\mmf(2)(9).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(3).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(4).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(5).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(6).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(7).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(8).sys moved successfully.
    C:\WINDOWS\System32\mmf(3)(9).sys moved successfully.
    C:\WINDOWS\System32\mmf(4)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(4)(3).sys moved successfully.
    C:\WINDOWS\System32\mmf(4)(4).sys moved successfully.
    C:\WINDOWS\System32\mmf(4)(5).sys moved successfully.
    C:\WINDOWS\System32\mmf(4)(6).sys moved successfully.
    C:\WINDOWS\System32\mmf(5)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(5)(3).sys moved successfully.
    C:\WINDOWS\System32\mmf(5)(4).sys moved successfully.
    C:\WINDOWS\System32\mmf(6)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(6)(3).sys moved successfully.
    C:\WINDOWS\System32\mmf(8)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf(9)(2).sys moved successfully.
    C:\WINDOWS\System32\mmf.sys moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\sachin\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\sachin\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: sachin
    ->Temp folder emptied: 38234900 bytes
    ->Temporary Internet Files folder emptied: 2228224 bytes
    ->Java cache emptied: 12674789 bytes
    ->FireFox cache emptied: 54735025 bytes
    ->Flash cache emptied: 2456 bytes

    User: sachin1
    ->Temp folder emptied: 2322 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 11846354 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66271 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 114.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: sachin
    ->Java cache emptied: 0 bytes

    User: sachin1
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: sachin
    ->Flash cache emptied: 0 bytes

    User: sachin1

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07102012_004552

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...





    And yes, the audio-files do have "Open With" option but as I've said, Winamp doesn't seem to be on the system anymore, it was probably taken out by one of the programs, & Avast wouldn't let me re-install it, weird because it didn't have any problems with Winamp for so many months that it has been on the system; I Googled & found that some security-programs do list Winamp as a threat so I don't know if I should install it or not.

    Update on the situation right now is that things have been pretty quiet for the last couple of days, no drama :)





    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:17 on 11/07/2012 by sachin
    Administrator - Elevation successful

    ========== dir ==========

    C:\Dů - Parameters: "/sub"

    ---Files---
    None found.

    C:\Dů\Application Data d------ [18:40 16/09/2009]

    C:\Dů\Local Settings d------ [18:40 16/09/2009]

    C:\Dů\Local Settings\Temporary Internet Files d------ [18:40 16/09/2009]

    C:\WINDOWS\System32\&#65533;&#602; - Unable to find folder.

    ========== file ==========

    C:\WINDOWS\System32\&#65533;&#602; - Unable to find/read file.

    -= EOF =-
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Yep, looks like it just needed to be started again, as that is indeed the log I wanted :)

    Can you run a scan here:

    Please go to here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • If any threats were found, click the 'List of found threats', then click Export to text file....
    • Save it to your desktop, then please copy and paste that log as a reply to this topic.



    On a side note, since the Eset scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan
     
  13. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    C:\Documents and Settings\sachin\My Documents\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
    D:\Soft\Driver Reviver\DriverReviverSetup.exe a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
    D:\Soft\IObit Malware Fighter\imf-setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    D:\Soft\Youtube Downloader\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Okay, can you re-run SystemLook as you did before, but with the following code and post the log it produces:

    Code:
    :filefind
    *AVG
    *Netmeter
    *Iobit
    :folderfind
    *AVG
    *Netmeter
    *Iobit
    
     
  15. ryan41225

    ryan41225 Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    22
    SystemLook 30.07.11 by jpshortstuff
    Log created at 00:07 on 17/07/2012 by sachin
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*AVG"
    No files found.

    Searching for "*Netmeter"
    No files found.

    Searching for "*Iobit"
    No files found.

    ========== folderfind ==========

    Searching for "*AVG"
    C:\WINDOWS\system32\drivers\AVG d------ [09:54 01/12/2010]

    Searching for "*Netmeter"
    C:\_OTL\MovedFiles\07102012_004552\D_Soft\NetMeter d------ [19:19 09/07/2012]
    C:\_OTL\MovedFiles\07102012_004552\D_Soft\NetMeter\New Folder\NetMeter d------ [19:19 09/07/2012]

    Searching for "*Iobit"
    C:\_OTL\MovedFiles\07102012_004552\C_Documents and Settings\sachin\Application Data\IObit d------ [19:19 09/07/2012]

    -= EOF =-
     

Short URL to this thread: https://techguy.org/1059450