
Many Problems. All the sudden CPU usage 100%, audio skipping bad

AbsurdNY   

Hello, my name is Mike. I own a music studio and also do a lot of work with graphic design and other media jobs. This computer is my main computer for audio/video production and it has a lot of money into it with hardware and software. Without this computer my business is at a standstill as I do almost everything on it.

 

The problems I am having are mostly in the audio area. This problem just came on about a week ago. The audio crackles and skips when I am using audio programs. I also have a problem with my internet connection. When I am using audio programs I normally disable the internet connection. When I try to do it now, all of a sudden it does not let me and it says "It is not possible to disable this connection at this time. This connection may be using one or more protocols that do not support plug-and-play, or it may be initiated by another user or system account."

 

The CPU usage shoots up to 100% out of nowhere.

 

The computer is a dual boot system (XP and Vista) but I mostly use XP as most of my programs are under that O.S.

 

Please help me! Thanks in advance.

 

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:42:14 AM, on 7/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\LEXBCES.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\LEXPPS.EXE

D:\Program Files\Google\Update\GoogleUpdate.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\WINDOWS\System32\M-AudioTaskBarIcon.exe

D:\Program Files\COMODO\Firewall\cfp.exe

D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

D:\Program Files\Java\jre6\bin\jusched.exe

E:\AVG\avgwdsvc.exe

D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\COMODO\Firewall\cmdagent.exe

G:\digidesign\Digidesign\Drivers\MMERefresh.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

D:\WINDOWS\system32\rundll32.exe

E:\AVG\avgrsx.exe

E:\Spybot - Search & Destroy\TeaTimer.exe

D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\IoctlSvc.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

E:\AVG\avgemc.exe

E:\AVG\avgcsrvx.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

D:\Program Files\Internet Download Manager\IEMonitor.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\AVG\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\AVG\Toolbar\IEToolbar.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\AVG\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG\avgtray.exe

O4 - HKLM\..\Run: [XboxStat] "D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Rivatuner\RivaTuner v2.24\RivaTuner.exe" /S

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Flashget]

O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe -silent

O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG\avgpp.dll

O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - D:\WINDOWS\

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9cd3721a28848) (gupdate1c9cd3721a28848) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 0: Aqua Real 2 - AD0FABD2-7EAE-40B8-8F44-6FCFE6C883CD

 

--

End of file - 10302 bytes

Katana   

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post a log in the HJT forum and wait for help.

 

Hello and welcome to the forums

 

My name is Katana and I will be helping you to remove any infection(s) that you may have.

 

Please observe these rules while we work:

  • Please Read All Instructions Carefully
  • If you don't understand something, stop and ask! Don't keep going on.
  • Please do not run any other tools or scans whilst I am helping you
  • Failure to reply within 5 days will result in the topic being closed.
  • Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

 

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe.

----------------------------------------------------------------------------------------

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Please Download GMER to your desktop

 

Download GMER and extract it to your desktop.

 

***Please close any open programs ***

 

Double-click gmer.exe. The program will begin to run.

 

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

 

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!

 

Please post the results from the GMER scan in your reply.

AbsurdNY   
Thank you so much for helping me. Here are the logs you asked for. They are very long so I will make a couple posts.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Absurd at 2009-07-12 18:55:08
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 5 GB (15%) free of 30 GB
Total RAM: 3071 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:36 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
D:\Program Files\Java\jre6\bin\jusched.exe
E:\AVG\avgwdsvc.exe
E:\AVG\avgtray.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
D:\Program Files\COMODO\Firewall\cmdagent.exe
G:\digidesign\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\rundll32.exe
E:\AVG\avgrsx.exe
E:\AVG\avgnsx.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\IoctlSvc.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
E:\AVG\avgemc.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\AVG\avgcsrvx.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Absurd\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Absurd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\AVG\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\AVG\Toolbar\IEToolbar.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\AVG\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] D:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG\avgtray.exe
O4 - HKLM\..\Run: [XboxStat] "D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Rivatuner\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Flashget]
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG\avgpp.dll
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - D:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9cd3721a28848) (gupdate1c9cd3721a28848) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Aqua Real 2 - AD0FABD2-7EAE-40B8-8F44-6FCFE6C883CD

--
End of file - 10549 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
D:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
D:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files\Internet Download Manager\IDMIECC.dll [2009-05-07 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - G:\Downloads\adobe\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\AVG\avgssie.dll [2009-07-11 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
Google Update Helper - D:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll [2009-05-05 133616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - E:\AVG\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - E:\AVG\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2008-12-25 86016]
"M-Audio Taskbar Icon"=D:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2008-05-15 356864]
"COMODO Firewall Pro"=D:\Program Files\COMODO\Firewall\cfp.exe [2009-01-19 1797880]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"AVG8_TRAY"=E:\AVG\avgtray.exe [2009-07-11 1948440]
"XboxStat"=D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"RivaTunerStartupDaemon"=C:\Rivatuner\RivaTuner v2.24\RivaTuner.exe /S []
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2008-12-25 13680640]
"Kernel and Hardware Abstraction Layer"=D:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"H2O"=D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-05-11 200069]
"Flashget"= []
"COMODO Internet Security"=D:\Program Files\COMODO\Firewall\cfp.exe [2009-01-19 1797880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-17 1287440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"SpybotSD TeaTimer"=E:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe [2008-12-22 1830128]
"msnmsgr"=D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"IDMan"=D:\Program Files\Internet Download Manager\IDMan.exe [2009-05-28 960944]
"EA Core"=D:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]
"Aim6"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
D:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2009-02-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2
"Viewpoint Manager Service"=2

D:\Documents and Settings\Absurd\Start Menu\Programs\Startup
Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ERUNT AutoBackup.lnk - D:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2009-07-11 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"MemCheckBoxInRunDlg"=0
"NoStrCmpLogical"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoChangeAnimation"=
"NoStrCmpLogical"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\GIGABYTE\@BIOS\gwflash.exe"="D:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:gwflash"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Program Files\GIGABYTE\EasyTune4\update.exe"="D:\Program Files\GIGABYTE\EasyTune4\update.exe:*:Enabled:ftptest"
"D:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="D:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"E:\rainbow 6 vegas 2\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="E:\rainbow 6 vegas 2\Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"G:\Avast\avgupd.exe"="G:\Avast\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\MySpace\IM\MySpaceIM.exe"="D:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"D:\Program Files\SmartFTP Client\SmartFTP.exe"="D:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Dreamweaver 8\Dreamweaver.exe"="C:\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Opera\program\plugins\flashget.exe"="C:\Opera\program\plugins\flashget.exe:*:Enabled:Flashget"
"D:\Program Files\Internet Download Manager\IDMan.exe"="D:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"F:\Games\grid\GRID.exe"="F:\Games\grid\GRID.exe:*:Enabled:GRID"
"F:\Games\HAWX\HAWX.exe"="F:\Games\HAWX\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"F:\Games\HAWX\HAWX_dx10.exe"="F:\Games\HAWX\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X"
"F:\Games\Ghost Recon Advanced Warfighter 2\graw2.exe"="F:\Games\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"F:\Games\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe"="F:\Games\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2 Dedicated Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - edit -
.js - open -
.scr - open - D:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
.txt - open -

======List of files/folders created in the last 1 months======

2009-07-12 18:55:08 ----D---- D:\rsit
2009-07-11 20:12:07 ----A---- D:\WINDOWS\rvdttvg.txt
2009-07-11 09:08:09 ----D---- D:\Documents and Settings\Absurd\Application Data\vlc
2009-07-11 06:45:21 ----HD---- D:\$AVG8.VAULT$
2009-07-11 04:09:44 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 04:02:33 ----A---- D:\WINDOWS\system32\avgrsstx.dll
2009-07-11 04:02:23 ----D---- D:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-10 20:11:27 ----SHD---- D:\$RECYCLE.BIN
2009-07-10 17:30:33 ----A---- D:\WINDOWS\swreg.exe
2009-07-10 17:29:50 ----D---- D:\Program Files\ERUNT
2009-07-10 16:10:54 ----D---- D:\Documents and Settings\Absurd\Application Data\REAPER
2009-07-10 14:31:39 ----D---- D:\WINDOWS\nview
2009-07-10 14:31:39 ----D---- D:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-07-10 14:31:37 ----D---- D:\Program Files\AMD
2009-07-10 14:30:45 ----D---- D:\WINDOWS\system32\AGEIA
2009-07-10 14:30:45 ----D---- D:\Program Files\AGEIA Technologies
2009-07-10 14:30:45 ----D---- D:\NVIDIA
2009-07-10 14:22:53 ----D---- D:\WINDOWS\nview(2)
2009-07-10 13:54:04 ----D---- D:\Program Files\Driver Sweeper
2009-07-10 13:04:03 ----A---- D:\WINDOWS\system32\javaws.exe
2009-07-10 13:04:03 ----A---- D:\WINDOWS\system32\javaw.exe
2009-07-10 13:04:03 ----A---- D:\WINDOWS\system32\java.exe
2009-07-07 13:27:06 ----A---- D:\WINDOWS\system32\mausbasio.dll
2009-07-07 13:27:06 ----A---- D:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2009-07-07 13:27:06 ----A---- D:\WINDOWS\system32\madiousb.dll
2009-07-06 23:57:30 ----D---- D:\Config.Msi
2009-07-05 19:26:45 ----D---- D:\Documents and Settings\Absurd\Application Data\Ubisoft
2009-07-04 03:00:20 ----HDC---- D:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-07-03 18:01:57 ----D---- D:\Program Files\Toontrack
2009-07-02 21:24:30 ----D---- D:\WINDOWS\system32\windows media
2009-07-02 20:06:16 ----A---- D:\WINDOWS\system32\D3DX9_41.dll
2009-07-02 20:06:16 ----A---- D:\WINDOWS\system32\d3dx10_41.dll
2009-07-02 20:06:16 ----A---- D:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-02 20:06:15 ----A---- D:\WINDOWS\system32\XAudio2_4.dll
2009-07-02 20:06:15 ----A---- D:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-02 20:06:14 ----A---- D:\WINDOWS\system32\xactengine3_4.dll
2009-07-02 20:06:13 ----A---- D:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-02 14:39:08 ----D---- D:\Program Files\Common Files\aliaswavefront shared
2009-07-02 14:39:08 ----D---- D:\Program Files\Common Files\Alias Shared
2009-07-02 14:38:04 ----D---- D:\Program Files\Microsoft DirectX SDK (April 2007)
2009-07-01 02:21:58 ----N---- D:\WINDOWS\system32\nvuide.exe
2009-06-29 07:37:20 ----HDC---- D:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-06-29 07:31:03 ----D---- D:\Program Files\Electronic Arts
2009-06-27 12:32:27 ----D---- D:\Documents and Settings\Absurd\Application Data\KORG
2009-06-27 11:54:40 ----D---- D:\Program Files\Common Files\KORG
2009-06-27 11:54:40 ----D---- D:\Documents and Settings\All Users\Application Data\KORG
2009-06-27 10:32:39 ----D---- D:\Documents and Settings\All Users\Application Data\Codemasters
2009-06-27 10:31:04 ----RA---- D:\WINDOWS\system32\tmp84.tmp
2009-06-27 10:31:04 ----RA---- D:\WINDOWS\system32\tmp83.tmp
2009-06-27 10:31:04 ----D---- D:\Program Files\OpenAL
2009-06-27 10:31:04 ----A---- D:\WINDOWS\system32\wrap_oal.dll
2009-06-27 10:31:04 ----A---- D:\WINDOWS\system32\OpenAL32.dll
2009-06-27 01:22:15 ----A---- D:\WINDOWS\system32\WdfCoInstaller01001.dll
2009-06-27 01:22:04 ----D---- D:\Program Files\Microsoft Xbox 360 Accessories
2009-06-26 19:20:53 ----D---- D:\Program Files\EVGA Precision
2009-06-26 19:20:22 ----A---- D:\WINDOWS\system32\d3dx10_40.dll
2009-06-26 19:20:22 ----A---- D:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-26 19:20:21 ----A---- D:\WINDOWS\system32\XAudio2_3.dll
2009-06-26 19:20:21 ----A---- D:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-26 19:20:21 ----A---- D:\WINDOWS\system32\D3DX9_40.dll
2009-06-26 19:20:20 ----A---- D:\WINDOWS\system32\xactengine3_3.dll
2009-06-26 19:20:19 ----A---- D:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-26 19:20:18 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2009-06-26 19:20:18 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-26 19:20:18 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2009-06-26 19:20:17 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2009-06-26 19:20:17 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-26 19:20:16 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2009-06-26 19:20:15 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2009-06-26 19:20:15 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-26 19:20:14 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2009-06-26 19:20:14 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-25 03:39:55 ----D---- D:\Documents and Settings\Absurd\Application Data\M-Audio
2009-06-25 00:19:41 ----A---- D:\WINDOWS\system32\wbsys.dll
2009-06-24 22:11:48 ----A---- D:\WINDOWS\system32\sysprs7.dll
2009-06-24 22:11:48 ----A---- D:\WINDOWS\system32\ssprs.dll
2009-06-24 22:11:48 ----A---- D:\WINDOWS\system32\lsprst7.dll
2009-06-24 22:11:48 ----A---- D:\WINDOWS\system32\clauth2.dll
2009-06-24 22:11:48 ----A---- D:\WINDOWS\system32\clauth1.dll
2009-06-24 20:47:37 ----A---- D:\WINDOWS\system32\Synsopos.exe
2009-06-24 20:47:36 ----D---- D:\Program Files\Syncrosoft
2009-06-24 20:47:36 ----A---- D:\WINDOWS\system32\SynsoLChk.dll
2009-06-24 20:47:36 ----A---- D:\WINDOWS\system32\SYNSOACC.dll
2009-06-23 03:30:12 ----D---- D:\Program Files\SoundSpectrum
2009-06-23 03:30:12 ----D---- D:\Program Files\Common Files\Real
2009-06-23 03:11:42 ----D---- D:\Documents and Settings\All Users\Application Data\ElectricSheep
2009-06-23 01:11:24 ----D---- D:\Documents and Settings\Absurd\Application Data\dBpoweramp
2009-06-22 10:45:39 ----D---- D:\Program Files\Common Files\Voyetra
2009-06-22 08:06:09 ----D---- D:\WINDOWS\system32\Lang
2009-06-22 07:57:10 ----A---- D:\WINDOWS\system32\RtkCoInstXP.dll
2009-06-22 07:49:11 ----A---- D:\WINDOWS\system32\nvusmb.exe
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l2052.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1046.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1042.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1041.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1040.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1036.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1034.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1031.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\fdco_l1028.dll
2009-06-22 07:47:56 ----A---- D:\WINDOWS\system32\bdco1ins.dll
2009-06-22 03:35:00 ----D---- D:\WINDOWS\system32\Futuremark
2009-06-21 21:52:07 ----D---- D:\Documents and Settings\Absurd\Application Data\AccurateRip
2009-06-21 21:52:06 ----A---- D:\WINDOWS\system32\SpoonUninstall.exe
2009-06-21 19:15:39 ----D---- D:\Documents and Settings\All Users\Application Data\Steinberg
2009-06-21 19:11:20 ----D---- D:\Documents and Settings\Absurd\Application Data\Steinberg
2009-06-21 18:15:53 ----D---- D:\Documents and Settings\All Users\Application Data\Identities
2009-06-21 18:15:52 ----A---- D:\WINDOWS\dsdxirmv.exe
2009-06-20 07:36:33 ----A---- D:\WINDOWS\recorsta.ini
2009-06-20 07:36:33 ----A---- D:\WINDOWS\jamkeys.ini
2009-06-20 07:36:33 ----A---- D:\WINDOWS\jam.ini
2009-06-20 07:36:33 ----A---- D:\WINDOWS\ARCADE.INI
2009-06-20 07:36:32 ----A---- D:\WINDOWS\teachpno.ini
2009-06-19 19:03:04 ----D---- D:\Documents and Settings\Absurd\Application Data\Yahoo!
2009-06-19 19:02:38 ----D---- D:\Program Files\Yahoo!
2009-06-19 18:59:49 ----D---- D:\Documents and Settings\Absurd\Application Data\TweakNow RegCleaner
2009-06-19 17:43:21 ----D---- D:\Documents and Settings\Absurd\Application Data\Auslogics
2009-06-19 17:43:17 ----D---- D:\Program Files\Auslogics
2009-06-19 09:55:59 ----D---- D:\Program Files\LUXONIX
2009-06-19 09:33:53 ----D---- D:\Documents and Settings\Absurd\Application Data\Cakewalk
2009-06-19 09:33:48 ----D---- D:\Documents and Settings\All Users\Application Data\Cakewalk
2009-06-19 07:56:59 ----D---- D:\WINDOWS\UltraDefrag
2009-06-19 03:39:59 ----HD---- D:\BJPrinter
2009-06-18 16:20:12 ----D---- D:\Program Files\Belarc
2009-06-18 08:36:01 ----HDC---- D:\Documents and Settings\All Users\Application Data\{2ED18044-7049-4E7A-A58D-4017348FCDB7}
2009-06-18 08:35:47 ----D---- D:\Documents and Settings\All Users\Application Data\Native Instruments
2009-06-18 08:35:41 ----HDC---- D:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
2009-06-18 02:12:47 ----D---- D:\Program Files\Image-Line
2009-06-16 22:52:49 ----D---- D:\Program Files\Common Files\Software Update Utility
2009-06-16 22:49:38 ----D---- D:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-06-13 17:31:25 ----D---- D:\Program Files\Sonnox
2009-06-13 03:02:30 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
2009-06-13 03:01:35 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2009-07-12 18:54:49 ----D---- D:\WINDOWS\Prefetch
2009-07-12 18:54:31 ----D---- D:\Documents and Settings\Absurd\Application Data\DMCache
2009-07-12 18:52:04 ----D---- D:\Documents and Settings\Absurd\Application Data\IDM
2009-07-12 10:01:20 ----D---- D:\Program Files\Mozilla Firefox
2009-07-11 20:12:26 ----D---- D:\WINDOWS\system32\drivers
2009-07-11 20:12:07 ----D---- D:\WINDOWS
2009-07-11 18:33:34 ----D---- D:\WINDOWS\system32\CatRoot2
2009-07-11 14:42:15 ----D---- D:\WINDOWS\temp
2009-07-11 14:31:15 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-07-11 14:01:10 ----D---- D:\Documents and Settings\Absurd\Application Data\Digidesign
2009-07-11 13:52:53 ----A---- D:\WINDOWS\system32\msvcsv60.dll
2009-07-11 13:03:20 ----AHD---- D:\Program Files\WindowsUpdate
2009-07-11 13:03:20 ----AHD---- D:\Program Files\Common Files\Microsoft Shared
2009-07-11 13:03:20 ----AHD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-11 13:02:59 ----AD---- D:\Program Files\Outlook Express
2009-07-11 13:02:59 ----AD---- D:\Program Files\Common Files\System
2009-07-11 10:28:26 ----A---- D:\WINDOWS\win.ini
2009-07-11 10:28:26 ----A---- D:\WINDOWS\system.ini
2009-07-11 09:41:47 ----A---- D:\WINDOWS\NeroDigital.ini
2009-07-11 06:52:51 ----D---- D:\WINDOWS\Debug
2009-07-11 06:50:37 ----D---- D:\WINDOWS\system32\config
2009-07-11 06:35:41 ----D---- D:\Program Files
2009-07-11 06:35:41 ----D---- D:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-11 06:35:17 ----SHD---- D:\WINDOWS\Installer
2009-07-11 06:35:17 ----HD---- D:\Program Files\InstallShield Installation Information
2009-07-11 06:31:45 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2009-07-11 06:31:45 ----D---- D:\Documents and Settings\Absurd\Application Data\SUPERAntiSpyware.com
2009-07-11 06:31:44 ----D---- D:\Program Files\SUPERAntiSpyware
2009-07-11 06:30:04 ----D---- D:\Program Files\Common Files
2009-07-11 06:24:51 ----D---- D:\Program Files\Common Files\Apple
2009-07-11 06:22:48 ----D---- D:\Documents and Settings\Absurd\Application Data\Macromedia
2009-07-11 06:22:06 ----D---- D:\WINDOWS\Downloaded Installations
2009-07-11 06:15:37 ----D---- D:\Program Files\HotItemFinder
2009-07-11 06:14:59 ----D---- D:\Program Files\Matroska Pack
2009-07-11 06:10:50 ----HD---- D:\WINDOWS\inf
2009-07-11 06:09:19 ----D---- D:\Program Files\InventoryBuilder
2009-07-11 06:09:06 ----D---- D:\Program Files\AuctionYen
2009-07-11 06:08:52 ----D---- D:\WINDOWS\system32
2009-07-11 05:02:39 ----D---- D:\WINDOWS\WinSxS
2009-07-11 05:00:08 ----D---- D:\Program Files\Common Files\Adobe
2009-07-11 04:49:38 ----D---- D:\Documents and Settings\Absurd\Application Data\Adobe
2009-07-11 04:14:41 ----D---- D:\Documents and Settings\All Users\Application Data\Autodesk
2009-07-11 04:14:40 ----D---- D:\Program Files\Common Files\Autodesk Shared
2009-07-11 04:14:31 ----D---- D:\WINDOWS\Help
2009-07-11 04:09:09 ----RSD---- D:\WINDOWS\assembly
2009-07-11 04:09:04 ----RSD---- D:\WINDOWS\Fonts
2009-07-11 04:01:32 ----D---- D:\Documents and Settings\All Users\Application Data\avg8
2009-07-11 03:58:24 ----SD---- D:\Documents and Settings\Absurd\Application Data\Microsoft
2009-07-10 19:24:40 ----D---- D:\WINDOWS\system32\CatRoot
2009-07-10 17:46:58 ----D---- D:\WINDOWS\ERDNT
2009-07-10 14:31:57 ----D---- D:\WINDOWS\system32\wbem
2009-07-10 14:31:57 ----D---- D:\WINDOWS\Registration
2009-07-10 14:31:42 ----DC---- D:\WINDOWS\system32\DRVSTORE
2009-07-10 14:31:28 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-07-10 13:04:00 ----D---- D:\Program Files\Java
2009-07-10 11:44:09 ----D---- D:\WINDOWS\Minidump
2009-07-10 11:19:43 ----D---- D:\WINDOWS\system32\ReinstallBackups
2009-07-10 07:53:11 ----D---- D:\Documents and Settings
2009-07-08 12:23:00 ----SD---- D:\WINDOWS\Tasks
2009-07-07 17:36:55 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-07-07 13:26:58 ----D---- D:\Program Files\M-Audio
2009-07-06 23:59:00 ----D---- D:\WINDOWS\system32\DirectX
2009-07-06 23:58:53 ----D---- D:\Documents and Settings\All Users\Application Data\Ubisoft
2009-07-06 23:58:40 ----D---- D:\Documents and Settings\Absurd\Application Data\SystemRequirementsLab
2009-07-06 23:58:39 ----D---- D:\Program Files\SystemRequirementsLab
2009-07-06 23:57:48 ----D---- D:\Program Files\NVIDIA Corporation
2009-07-06 23:09:10 ----D---- D:\WINDOWS\pss
2009-07-03 08:15:50 ----D---- D:\WINDOWS\security
2009-07-03 07:52:30 ----D---- D:\Program Files\Windows Media Connect 2
2009-07-03 07:31:45 ----D---- D:\Program Files\Drumagog40
2009-07-03 07:26:02 ----D---- D:\Program Files\Adobe
2009-07-02 21:24:30 ----D---- D:\WINDOWS\RegisteredPackages
2009-07-01 15:32:41 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-07-01 02:33:40 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-06-29 07:44:33 ----A---- D:\WINDOWS\system32\CmdLineExt.dll
2009-06-27 13:08:13 ----D---- D:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2009-06-27 13:08:13 ----D---- D:\Documents and Settings\Absurd\Application Data\PACE Anti-Piracy
2009-06-25 00:30:52 ----A---- D:\WINDOWS\ODBC.INI
2009-06-22 14:28:07 ----A---- D:\WINDOWS\system32\BASSMOD.dll
2009-06-22 10:32:54 ----D---- D:\Program Files\Internet Download Manager
2009-06-21 21:44:05 ----D---- D:\Documents and Settings\Absurd\Application Data\Ableton
2009-06-21 20:46:28 ----A---- D:\WINDOWS\LEXSTAT.INI
2009-06-20 04:34:20 ----D---- D:\Program Files\IK Multimedia
2009-06-19 19:15:23 ----D---- D:\Program Files\SmartFTP Client
2009-06-19 10:43:52 ----D---- D:\Program Files\Common Files\Native Instruments
2009-06-19 04:28:26 ----D---- D:\WINDOWS\system32\LogFiles
2009-06-19 04:25:28 ----D---- D:\Program Files\GIGABYTE
2009-06-19 02:53:00 ----A---- D:\WINDOWS\Zmodeler.ini
2009-06-19 02:52:21 ----D---- D:\Program Files\ZModeler
2009-06-19 02:40:54 ----D---- D:\Program Files\McDSP
2009-06-19 02:36:35 ----D---- D:\Program Files\Google
2009-06-19 01:47:15 ----D---- D:\Documents and Settings\All Users\Application Data\Alibre Design
2009-06-18 08:35:46 ----D---- D:\Program Files\Native Instruments
2009-06-18 07:59:56 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-06-16 22:52:50 ----D---- D:\Program Files\AIM6
2009-06-15 06:52:49 ----D---- D:\WINDOWS\AppPatch
2009-06-14 01:52:23 ----D---- D:\Documents and Settings\All Users\Application Data\IK Multimedia
2009-06-13 03:00:25 ----HD---- D:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-11 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; D:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-11 108552]
R1 BANTExt;Belarc SMBios Access; D:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 cdrbsdrv;cdrbsdrv; D:\WINDOWS\system32\drivers\cdrbsdrv.sys [2008-09-08 33408]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; D:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-01-19 101776]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; D:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-01-19 31504]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nvport;NVIDIA PORT IO Control Driver; \??\D:\WINDOWS\system32\Drivers\nvport.sys []
R1 PQNTDrv;PQNTDrv; D:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; D:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R2 Nsynas32;Nsynas32; D:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R3 CLEDX;Team H2O CLEDX service; D:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; D:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 MA_CMIDI;M-Audio USB Driver; D:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM); D:\WINDOWS\system32\DRIVERS\mausb.sys [2008-03-11 143624]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-25 6301344]
R3 NVR0Dev;NVR0Dev; \??\D:\WINDOWS\nvoclock.sys []
R3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device; D:\WINDOWS\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]
R3 USB20L;Linksys USB 2.0 10/100 Adapter; D:\WINDOWS\system32\DRIVERS\USB200M.sys [2002-09-23 14208]
R3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; D:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 61883;61883 Unit Device; D:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ahvy4zx3;ahvy4zx3; D:\WINDOWS\system32\drivers\ahvy4zx3.sys []
S3 Ambfilt;Ambfilt; D:\WINDOWS\system32\drivers\Ambfilt.sys []
S3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avc;AVC Device; D:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BCM43XX;Linksys Wireless-N PCI Adapter WMP300N; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-07-07 564224]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\D:\DOCUME~1\Absurd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 cpuz132;cpuz132; \??\D:\WINDOWS\system32\drivers\cpuz132_x32.sys []
S3 ENTECH;ENTECH; \??\D:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ETDrv;ETDrv; \??\D:\WINDOWS\system32\Drivers\ETDrv.sys []
S3 GVTDrv;GVTDrv; \??\D:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; D:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); D:\WINDOWS\system32\DRIVERS\mausb.sys [2008-03-11 143624]
S3 Monfilt;Monfilt; D:\WINDOWS\system32\drivers\Monfilt.sys []
S3 MSDV;Microsoft DV Camera and VCR; D:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 ultradfg;ultradfg; D:\WINDOWS\System32\DRIVERS\ultradfg.sys [2009-05-13 33792]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VirtualFD;VirtualFD; \??\D:\Documents and Settings\Absurd\Desktop\virtual_floppy\virtual floppy\vfd.sys []
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver; D:\WINDOWS\system32\DRIVERS\WMP300Nv1.sys []
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; D:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodata Limited License Service;Autodata Limited License Service; D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2008-07-14 72704]
R2 avg8emc;AVG Free8 E-mail Scanner; E:\AVG\avgemc.exe [2009-07-11 906520]
R2 avg8wd;AVG Free8 WatchDog; E:\AVG\avgwdsvc.exe [2009-07-11 298776]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Program Files\COMODO\Firewall\cmdagent.exe [2009-01-19 618232]
R2 DigiRefresh;Digidesign MME Refresh Service; G:\digidesign\Digidesign\Drivers\MMERefresh.exe [2007-10-31 77824]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LexBceS;LexBce Server; D:\WINDOWS\system32\LEXBCES.EXE [2004-05-24 311296]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nTuneService;nTune Service; D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2008-12-25 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; D:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2008-04-06 66872]
R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 gupdate1c9cd3721a28848;Google Update Service (gupdate1c9cd3721a28848); D:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-05 133104]
S3 Adobe LM Service;Adobe LM Service; D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-13 72704]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 digiSPTIService;digiSPTIService; G:\digidesign\Digidesign\Pro Tools\digiSPTIService.exe [2007-10-31 159744]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-11 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 LPDSVC;TCP/IP Print Server; D:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by AbsurdNY

AbsurdNY   

info.txt logfile of random's system information tool 1.06 2009-07-12 18:56:42

======Uninstall list======

@BIOS -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly

-->D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->D:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"D:\Program Files\7-Zip\Uninstall.exe"

ADM 1.0.1-->"G:\VST\AudioRealism\ADM\unins000.exe"

Adobe After Effects 7.0-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->D:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}

Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}

Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

AIM 6-->D:\Program Files\AIM6\uninst.exe

Alchemy-->G:\VST\Alchemy\Alchemy\AlchemyUninstall.exe

Alien Skin Blow Up-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG

Alien Skin Exposure-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\Unwise32.exe C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\Exposure\INSTALL.LOG

Alien Skin Eye Candy 5 Impact-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\Unwise32.exe C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG

Alien Skin Eye Candy 5 Nature-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\Unwise32.exe C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG

Alien Skin Eye Candy 5 Textures-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\UNWISE.EXE C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\EYECAN~3\INSTALL.LOG

Alien Skin Image Doctor 1.0-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\IMAGED~1\UNWISE.EXE C:\PHOTOS~2\ADOBEP~1\Plug-Ins\IMAGED~1\INSTALL.LOG

Alien Skin Snap Art-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~1\SNAPAR~1\INSTALL.LOG

Alien Skin Xenofex 2.0-->C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~2\UNWISE.EXE C:\PHOTOS~2\ADOBEP~1\Plug-Ins\ALIENS~2\INSTALL.LOG

AMD Processor Driver-->D:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly

AmpegSVX-->D:\Program Files\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

AmpliTube Jimi Hendrix-->D:\Program Files\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

AmpliTube Metal-->D:\Program Files\InstallShield Installation Information\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

AmpliTube X-GEAR-->D:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

AmpliTube2-->D:\Program Files\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

Analog Channel-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7E6941CA-15B4-4AC5-A54D-2A1C739323B6}\setup.exe" -l0x9 -removeonly

Antares Autotune VST RTAS TDM v5.08-->"D:\Program Files\Antares Audio Technologies\unins000.exe"

Antares AVOX Bundle VST RTAS v1.1.3-->"D:\Program Files\Antares Audio Technologies\unins002.exe"

Antares Harmony Engine VST RTAS v1.0-->"D:\Program Files\Antares Audio Technologies\unins001.exe"

Antares Tube VST v1.02-->C:\vst\Antares\Tube\UNWISE.EXE C:\vst\Antares\Tube\INSTALL.LOG

Audacity 1.2.6-->"C:\Audacity\unins000.exe"

AudioRealism v1.10 (remove only)-->"G:\VST\AudioRealism\uninstall.exe"

AusLogics Disk Defrag-->"D:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

Auto Gordian Knot 2.45-->D:\Program Files\AutoGK\uninst.exe

AVG Free 8.5-->E:\AVG\setup.exe /UNINSTALL

AviSynth 2.5-->"D:\Program Files\AviSynth 2.5\Uninstall.exe"

Belarc Advisor 7.2-->"D:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "D:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"

BioShock-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe" -l0x9 -removeonly

Bomb Factory (48k Edition) v3.15-->D:\PROGRA~1\DIGIDE~1\DAE\UNWISE.EXE D:\PROGRA~1\DIGIDE~1\DAE\INSTALL.LOG

Bomb Factory BF-3A-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A4F297D8-F1F2-4CF5-B051-BEC1E678E0C4}\Setup.exe" -l0x9 FromUninstall

Brainworx BX Control VST RTAS v1.0-->"D:\Program Files\Brainworx Music\Uninstall\unins000.exe"

Cakewalk Beatscape 1.0.1-->"C:\Cakewalk Sonar 8\Beatscape\unins000.exe"

Cakewalk Rapture 1.2.1-->"C:\Cakewalk Sonar 8\Rapture\unins000.exe"

Call of Juarez-->D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF} /Z"UNINSTALL"

CCleaner (remove only)-->"C:\CCleaner\uninst.exe"

CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}

Celemony Melodyne Plugin VST RTAS v1.0-->"D:\Program Files\Celemony\Melodyne plugin\Uninstall\unins000.exe"

Channel G-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EF15D5CD-45A8-4551-92BB-65F918659C46}\setup.exe" -l0x9 -removeonly

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Chrome Tone-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{08505163-1986-42E1-A9B8-6568022CF4E6}\setup.exe" -l0x9 -removeonly

COMODO Firewall Pro-->D:\Program Files\COMODO\Firewall\cfpconfg.exe -u

Company of Heroes-->MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}

CompressorBank-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C1EBE4D0-D8E6-49DE-BEE0-F4D5EDFC3784}\setup.exe" -l0x9 -removeonly

Cosmonaut Voice-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CD19D839-C01C-4BE7-A356-BF5782BA4AE5}\Setup.exe" -l0x9 FromUninstall

CPUID CPU-Z 1.51-->"C:\Rivatuner\CPU-Z\unins000.exe"

Critical Update for Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Crysis WARHEAD®-->"D:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE

Crysis WARHEAD®-->D:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

CSR-->D:\Program Files\InstallShield Installation Information\{648C1BFD-6A70-46D8-B855-F84D95C2DC34}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

dBpoweramp Music Converter-->"D:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>D:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat

Digidesign Free Bomb Factory Plug-Ins 7.4-->D:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

Digidesign Music Production Toolkit 7.4-->D:\Program Files\InstallShield Installation Information\{487807C8-1FE9-45D5-A1F2-593C78D2DFDD}\setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

Digidesign Pro Tools M-Powered 7.4-->D:\Program Files\InstallShield Installation Information\{14AA664E-9BFA-44C4-A083-83A2998679BA}\setup.exe -runfromtemp -l0x0009 -removeonly

Digidesign Shared Plug-Ins 7.4-->D:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

Digidesign Structure Free 1.0.5316-->"D:\Program Files\Digidesign\Structure\unins000.exe"

DISCODSP DISCOVERY v2.3 (NORD EDITION)-->G:\VST\discoDSP\DISCOV~1\UNWISE.EXE G:\VST\discoDSP\DISCOV~1\INSTALL.LOG

Download Updater (AOL LLC)-->D:\Program Files\Common Files\Software Update Utility\uninstall.exe

DreamStation DXi2-->D:\WINDOWS\DSDXIRMV.EXE C:\CAKEWALK SONAR 8\SHARED COMPONENTS\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2

Drumagog 4-->D:\WINDOWS\iun6002.exe "D:\Program Files\Drumagog40\irunin.ini"

EA Download Manager-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033

EasyTune4-->D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Gigabyte\EasyTune4\Uninst.isu" -c"D:\Program Files\Gigabyte\EasyTune4\uninstdrv.dll"

Enigma-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly

ERUNT 1.1j-->"D:\Program Files\ERUNT\unins000.exe"

EVGA Precision 1.4.0-->"D:\Program Files\EVGA Precision\uninstall.exe"

EZdrummer-->MsiExec.exe /I{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}

EZplayer pro-->MsiExec.exe /I{8967ABFB-CBCA-4EC0-8DE8-A01135267C16}

EZXCocktail-->MsiExec.exe /I{147567F0-8575-4BE0-B5B3-62706C67FA5A}

EZXDfh-->MsiExec.exe /I{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}

FabFilter Pro-C VST RTAS v1.0.1-->"D:\Program Files\FabFilter\unins000.exe"

Fast Track Pro-->D:\Program Files\InstallShield Installation Information\{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}\setup.exe -runfromtemp -l0x0009 -removeonly

FilterBank-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F46D6852-0C1D-48F3-AECB-A1F8D9979FF1}\setup.exe" -l0x9 -removeonly

FL Studio 8-->C:\FL Studio XXL 8\uninstall.exe

FLUX Spring Pack Bundle v1.0.4.14-->"D:\Program Files\Flux\unins000.exe"

Focusrite Forte Suite-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8EB46D3F-03E9-4188-80D6-24BA2DA13263}\Setup.exe" -l0x9 FromUninstall

Focusrite Saffire Bundle VST v2.0-->C:\vst\SAFFIR~1.0\UNINST~1\UNWISE.EXE C:\vst\SAFFIR~1.0\UNINST~1\INSTALL.LOG

G-Force-->D:\Program Files\SoundSpectrum\G-Force\Uninstall.exe

GoldWave v5.51-->"C:\Goldwave\GoldWave\unstall.exe" "GoldWave v5.51" "C:\Goldwave\GoldWave\unstall.log"

Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GRID-->"D:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly

GUI for dvdauthor 1.07-->D:\Program Files\GUI for dvdauthor\uninst.exe

HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB942288-v3)-->"D:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

IL Autogun-->C:\FL Studio XXL 8\uninstall.exe

IL Download Manager-->D:\Program Files\Image-Line\Downloader\uninstall.exe

Image Line ToxicIII v1.41 VSTi-->G:\VST\ToxicIII\UNWISE.EXE G:\VST\ToxicIII\INSTALL.LOG

InterLok Driver Kit-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E75B079A-A2BC-49EF-BE8F-F713A86C62DA}

Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}

Internet Download Manager-->D:\Program Files\Internet Download Manager\Uninstall.exe

iZotope Trash-->"D:\Program Files\iZotope\Trash\unins000.exe"

iZotope Vinyl-->"G:\digidesign\Digidesign\Pro Tools\plugins\Vinyl\unins000.exe"

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}

K-Lite Mega Codec Pack 3.9.0-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"

Korg Legacy Collection VSTi v1.0.02-->G:\VST\Korg\LEGACY~1\UNWISE.EXE G:\VST\Korg\LEGACY~1\INSTALL.LOG

KORG M1 Le-->MsiExec.exe /X{9624502C-3D39-41A0-8917-858EC16769CE}

KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}

Lexmark 640 Series-->D:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series

Logitech SetPoint-->"D:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly

Luxonix Purity VSTi v1.1-->"D:\Program Files\LUXONIX\Purity\Uninstall\unins000.exe"

M42 Nebula VSTi v1.0-->G:\VST\M42_v1\UNWISE.EXE G:\VST\M42_v1\INSTALL.LOG

Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Matroska Pack-->D:\Program Files\Matroska Pack\uninstall.exe

M-Audio Series II MIDI-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly

MediaMonkey 2.5-->"C:\MediaMonkey\unins000.exe"

Melodyne 3.2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Character Code Conversion Routines for HKSCS-2004-->MsiExec.exe /I{77AE2F50-6015-461D-8416-308C8FF192A8}

Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"D:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual J# 2.0 Redistributable Package-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}

Miroslav Philharmonik-->D:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

Mixed In Key 2.5-->C:\Mixed In Key\Uninstall.exe

Mozilla Firefox (3.0.11)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->D:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

Native Instruments Absynth 4-->G:\Native Instruments\Absynth 4\uninstall.exe

Native Instruments Battery 3-->G:\NATIVE~1\BATTER~1\UNWISE.EXE G:\NATIVE~1\BATTER~1\INSTALL.LOG

Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS-->G:\NATIVE~1\FM8\UNWISE.EXE G:\NATIVE~1\FM8\INSTALL.LOG

Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~2\INSTALL.LOG

Native Instruments Massive-->C:\NATIVE~1\Massive\UNWISE.EXE C:\NATIVE~1\Massive\INSTALL.LOG

Native Instruments Reaktor v5.1.2.009 VSTi DXi RTAS-->G:\NATIVE~1\REAKTO~1\UNWISE.EXE G:\NATIVE~1\REAKTO~1\INSTALL.LOG

Native Instruments Service Center-->"D:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE

Native Instruments Service Center-->D:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}\Service Center Setup.exe

Native Instruments Traktor DJ Studio 3-->D:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG

Native Instruments Traktor-->"D:\Documents and Settings\All Users\Application Data\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe" REMOVE=TRUE MODIFY=FALSE

Native Instruments Traktor-->D:\Documents and Settings\All Users\Application Data\{2ED18044-7049-4E7A-A58D-4017348FCDB7}\Traktor Setup.exe

Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3-->"D:\Program Files\Nomad Factory\Blue Tubes Analog TrackBox\Uninstall\unins000.exe"

NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.1-->"D:\Program Files\Nomad Factory\Uninstall\unins000.exe"

NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2-->"D:\Program Files\Nomad Factory\Blue Tubes Dynamics Pack\Uninstall\unins000.exe"

NomadFactory Blue Tubes Effects Pack VST RTAS v3.2-->"D:\Program Files\Nomad Factory\Blue Tubes Effects Pack\Uninstall\unins000.exe"

NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2-->"D:\Program Files\Nomad Factory\Blue Tubes Equalizers Pack\Uninstall\unins000.exe"

NomadFactory BlueVerb DRV-2080 VST RTAS v1.4-->"D:\Program Files\Nomad Factory\BlueVerb DRV-2080\Uninstall\unins000.exe"

NomadFactory Essential Studio Suite VST RTAS v1.5-->"D:\Program Files\Nomad Factory\Essential Studio Suite\Uninstall\unins000.exe"

NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3-->"D:\Program Files\Nomad Factory\Limiting Amplifier LM-662\Uninstall\unins000.exe"

NomadFactory Liquid Bundle VST RTAS v2.4-->"D:\Program Files\Nomad Factory\Liquid Bundle\Uninstall\unins000.exe"

NomadFactory Program Equalizer EQP-4 VST RTAS v1.3-->"D:\Program Files\Nomad Factory\Program Equalizer EQP-4\Uninstall\unins000.exe"

NomadFactory Rock Amp Legends VST RTAS v1.5-->"D:\Program Files\Nomad Factory\Rock Amp Legends\Uninstall\unins000.exe"

NomadFactory Studio Channel SC-226 VST RTAS v1.3-->"D:\Program Files\Nomad Factory\Studio Channel SC-226\Uninstall\unins000.exe"

Norton PartitionMagic 8.0-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}

NVIDIA Drivers-->D:\WINDOWS\system32\nvuide.exe UninstallGUI

NVIDIA nTune-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033

NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}

NVIDIA PureVideo Decoder-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall

Ohm Force - Ohmicide RTAS-->D:\WINDOWS\unvise32.exe d:\program files\common files\digidesign\dae\plug-ins\Ohm Force\Ohmicide RTAS\uninstal.log

Ohm Force - Ohmicide VST-->D:\WINDOWS\unvise32.exe G:\VST\Ohm Force\Ohmicide VST\uninstal.log

OpenAL-->"D:\Program Files\OpenAL\OpenALwEAX.exe" /U

Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}

Overloud BREVERB VST RTAS v1.1-->"D:\Program Files\Overloud\Uninstall\unins000.exe"

PCDJ DEX (remove only)-->"C:\PC DJ\PCDJ DEX\uninstall.exe"

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PDFCreator-->C:\PDFCreator\unins000.exe

Pitch'n'Time RTAS v2.1-->D:\PROGRA~1\DIGIDE~1\DAE\Plug-Ins\PROGRA~1\DIGIDE~1\PnT\UNWISE.EXE D:\PROGRA~1\DIGIDE~1\DAE\Plug-Ins\PROGRA~1\DIGIDE~1\PnT\INSTALL.LOG

Pluggo 3.6.1-->MsiExec.exe /I{6030B0B7-EE59-40E7-9A19-4EC13EF0310C}

PoiZone-->D:\Program Files\Image-Line\PoiZone\uninstall.exe

Prototype-->"F:\Games\Prototype.LossyRepack\Prototype\Uninstall\unins000.exe"

PSP Audioware Neon HR VST RTAS-->C:\PSPNEO~1\PSPNEO~1\UNINST~1\UNWISE.EXE C:\PSPNEO~1\PSPNEO~1\UNINST~1\INSTALL.LOG

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

REAPER-->"E:\Reaper\Uninstall.exe"

Reason 4.0-->"E:\reason\Reason\Uninstall Reason\unins000.exe"

ReCycle 2.1.2-->"C:\ReCycle\unins000.exe"

Rob Papen BLUE Version 1.6.3b-->"G:\VST\Rob Papen\unins000.exe"

Rob Papen Predator V1.1.1-->"G:\VST\predator\unins000.exe"

Roger Nichols Digital DETAILER VST RTAS v1.2-->"D:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins000.exe"

Roger Nichols Digital DYNAM-IZER VST RTAS v1.2-->"D:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins001.exe"

Roger Nichols Digital FINIS VST RTAS v1.2-->"D:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins002.exe"

Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2-->"D:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins003.exe"

Roger Nichols Digital InspectorXL VST RTAS v1.2-->"D:\Program Files\Roger Nichols Digital, Inc\Uninstall\unins004.exe"

Roger.Nichols.Digital.SPL-IZER.VST.RTAS v1.01-->"D:\Program Files\Roger Nichols Digital, Inc\SPL-IZER\Uninstall\unins000.exe"

SampleMoog-->D:\Program Files\InstallShield Installation Information\{218AA20E-F016-4385-9F74-04FF8E596FB2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

SampleTank 2.5-->D:\Program Files\InstallShield Installation Information\{6559654F-2F38-491F-8411-211517C3E635}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

SampleTron-->D:\Program Files\InstallShield Installation Information\{81974750-D4B1-4690-B168-D31F9A599542}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

Security Update for Windows Media Encoder (KB954156)-->"D:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950759)-->"D:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"D:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956390)-->"D:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958215)-->"D:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960714)-->"D:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969897)-->"D:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"D:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Serato Scratch Studio Edition RTAS v1.0-->C:\PROGRA~1\Serato\SCRATC~1\UNWISE.EXE C:\PROGRA~1\Serato\SCRATC~1\INSTALL.LOG

Serato.Pitch.n.Time.RTAS.v2.2.1-->D:\PROGRA~1\DIGIDE~1\DAE\Serato\UNWISE.EXE D:\PROGRA~1\DIGIDE~1\DAE\Serato\INSTALL.LOG

SmartFTP Client 2.5.1006.16-->"D:\Program Files\SmartFTP Client\unins000.exe"

Softube Vintage Amp Room VST RTAS v1.05-->"D:\Program Files\Vintage Amp Room\Uninstall\unins000.exe"

Sonalksis Plug-Ins for Windows 2.00-->"D:\WINDOWS\unins000.exe"

SONAR 8.0 Producer Edition-->"C:\Cakewalk Sonar 8\SONAR 8 Producer Edition\unins000.exe"

Sonik Synth 2-->C:\SONIKS~1\UNWISE.EXE C:\SONIKS~1\INSTALL.LOG

Sonnox Oxford Inflator Native VST v1.5.1-->"D:\Program Files\Sonnox\Uninstall\Sonnox Oxford Inflator Native VST\unins000.exe"

Sonnox Oxford Limiter Native VST v1.1.1-->"D:\Program Files\Sonnox\Uninstall\Sonnox Oxford Limiter Native VST\unins000.exe"

Sonnox Oxford R3 Dynamics Native VST v1.3.1-->"D:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics Native VST\unins000.exe"

Sonnox Oxford R3 EQ Native VST v1.6.1-->"D:\Program Files\Sonnox\Uninstall\Sonnox Oxford R3 EQ Native VST\unins000.exe"

Sonnox Oxford Reverb Native VST v1.0-->"D:\Program Files\Sonnox\Uninstall\Sonnox Oxford Reverb Native VST\unins000.exe"

Sony CD Architect 5.2-->MsiExec.exe /X{9B10CE2B-4450-46C5-95F7-CBA0C5D4BE73}

Sony DVD Architect Studio 4.5-->MsiExec.exe /X{DC1E0881-66E8-4884-9B5B-580F957F5B9A}

Sony Inflator RTAS v1.0-->D:\PROGRA~1\DIGIDE~1\DAE\Plug-Ins\DAE\Plug-Ins\Inflator\UNWISE.EXE D:\PROGRA~1\DIGIDE~1\DAE\Plug-Ins\DAE\Plug-Ins\Inflator\INSTALL.LOG

Spybot - Search & Destroy-->"E:\Spybot - Search & Destroy\unins000.exe"

SpyHunter-->"D:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "D:\Program Files\Enigma Software Group\SpyHunter\install.log" -u

Steinberg Hypersonic v1.12.808-->G:\VST\HYPERS~1\HYPERS~1\UNWISE.EXE G:\VST\HYPERS~1\HYPERS~1\INSTALL.LOG

Street Hacker Update 1.1.3-->"C:\Program Files\Street Hacker\unins000.exe"

Super Webcam-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{36F4AF22-A159-4E0F-AABE-67638D2B939D}\setup.exe" -l0x9 -removeonly

SyncroSoft Emu (Remove only)-->D:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe

Syncrosoft's License Control-->D:\PROGRA~1\SYNCRO~1\UNWISE.EXE D:\PROGRA~1\SYNCRO~1\INSTALL.LOG

Synth One-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1980CB8C-DFB1-4B8F-9CD6-3DBF79785304}\setup.exe" -l0x9 -removeonly

System Requirements Lab-->D:\Program Files\SystemRequirementsLab\Uninstall.exe

Teach Me Piano Deluxe-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{80F6C967-CCE7-4AE3-9244-481187928E18}\setup.exe"

TL Space Native 7.4-->D:\Program Files\InstallShield Installation Information\{A09ABB28-33D6-4662-8282-C46D480BE863}\setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly

Tom Clancy's Ghost Recon Advanced Warfighter® 2-->"D:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\Setup.exe" -runfromtemp -l0x0009 -removeonly

Tom Clancy's H.A.W.X-->"D:\Program Files\InstallShield Installation Information\{6E36A172-06FB-4BC8-B7FC-D30D219E6776}\setup.exe" -runfromtemp -l0x0009 -removeonly

Torq 1.0.7 (Build 010 -- July 10 2008)-->"C:\Maudio\Torq\Uninstall\unins000.exe"

Toxic Biohazard-->C:\FL Studio XXL 8\uninstall.exe

T-RackS 24-->D:\WINDOWS\IsUninst.exe -fc:\vst\Uninst.isu

T-RackS 3 Deluxe-->D:\Program Files\InstallShield Installation Information\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

TrancerOne Vers. 1.0-->"G:\VST\TrancerOne\unins000.exe"

TweakNow RegCleaner-->"C:\Tweak Now Reg Cleaner\TweakNow RegCleaner\unins000.exe"

Ultra Defragmenter-->"D:\WINDOWS\UltraDefrag\uninstall.exe"

UltraTools-->D:\WINDOWS\IsUninst.exe -fc:\UltraTools\Uninst.isu

Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"D:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

URS Classic Console Strip Pro VST RTAS v1.0-->"D:\Program Files\URS Plugins\Uninstall\unins000.exe"

URS Everything EQ Bundle TDM v4.0-->D:\WINDOWS\unvise32.exe C:\Program Files\URS\uninstal.log

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG

VLC media player 1.0.0-->C:\VLC Player\VLC\uninstall.exe

VobSub v2.23 (Remove Only)-->"D:\Program Files\Gabest\VobSub\uninstall.exe"

Voce Bundle-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E6C5FC97-8195-44CC-A520-C88394C947BC}\Setup.exe" -l0x9 FromUninstall

Vst To Rtas Adapter V2.1-->"C:\VST To RTAS Adapter\Vst To Rtas Adapter V2.1\Vst To Rtas Adapter V2.1 Uninstall.exe"

Waves Mercury Bundle-->G:\DIGIDE~1\DIGIDE~1\PROTOO~1\plugins\WAVESM~1\Logs\WAVESM~1\UNWISE.EXE G:\DIGIDE~1\DIGIDE~1\PROTOO~1\plugins\WAVESM~1\Logs\WAVESM~1\INSTALL.LOG

Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->D:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}

Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

Windows Live OneCare safety scanner-->RunDll32.exe "D:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe

WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}

Xara3D6-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9

Xpand!-->"D:\Program Files\Digidesign\unins000.exe"

XviD MPEG4 Video Codec (remove only)-->"D:\WINDOWS\system32\xvid-uninstall.exe"

Zero-X BeatSlicer-->D:\WINDOWS\Uzerox_bs.EXE /A D:\WINDOWS\Uzerox_bs.LOG "Zero-X BeatSlicer Uninstall"

 

=====HijackThis Backups=====

 

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Avast\avgpp.dll (file missing) [2009-02-21]

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Avast\avgssie.dll (file missing) [2009-02-21]

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file) [2009-02-21]

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-02-21]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-02-21]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.145.124.55:80 [2009-02-21]

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: AVG Anti-Virus Free

FW: COMODO Firewall

 

======System event log======

 

Computer Name: UNPARALL-5F4EE2

Event Code: 7023

Message: The Application Management service terminated with the following error:

The specified module could not be found.

 

 

Record Number: 18089

Source Name: Service Control Manager

Time Written: 20090711061522.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 7023

Message: The Application Management service terminated with the following error:

The specified module could not be found.

 

 

Record Number: 18086

Source Name: Service Control Manager

Time Written: 20090711061521.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 7023

Message: The Application Management service terminated with the following error:

The specified module could not be found.

 

 

Record Number: 18083

Source Name: Service Control Manager

Time Written: 20090711061521.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 7023

Message: The Application Management service terminated with the following error:

The specified module could not be found.

 

 

Record Number: 18080

Source Name: Service Control Manager

Time Written: 20090711061521.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 7023

Message: The Application Management service terminated with the following error:

The specified module could not be found.

 

 

Record Number: 18077

Source Name: Service Control Manager

Time Written: 20090711061521.000000-240

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: UNPARALL-5F4EE2

Event Code: 1000

Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

 

Record Number: 26

Source Name: Application Error

Time Written: 20090706153728.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 1000

Message: Faulting application m-audiotaskbaricon.exe, version 1.2.0.10, faulting module unknown, version 0.0.0.0, fault address 0x10078a40.

 

Record Number: 25

Source Name: Application Error

Time Written: 20090706153709.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 1000

Message: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x10078a40.

 

Record Number: 24

Source Name: Application Error

Time Written: 20090706153707.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 1000

Message: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00ab8a40.

 

Record Number: 22

Source Name: Application Error

Time Written: 20090706153649.000000-240

Event Type: error

User:

 

Computer Name: UNPARALL-5F4EE2

Event Code: 1000

Message: Faulting application idman.exe, version 5.17.5.0, faulting module unknown, version 0.0.0.0, fault address 0x10078a40.

 

Record Number: 21

Source Name: Application Error

Time Written: 20090706153638.000000-240

Event Type: error

User:

 

======Environment variables======

 

"CLASSPATH"=.;D:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"devmgr_show_nonpresent_devices"=1

"FP_NO_HOST_CHECK"=NO

"KMP_DUPLICATE_LIB_OK"=TRUE

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\Common Files\iZotope\Runtimes;D:\Program Files\Common Files\Adobe\AGL;D:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=2f02

"QTJAVA"=D:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

 

-----------------EOF-----------------

AbsurdNY   

This is the log I got when I double-clicked GMER:

 

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-12 20:56:33

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]

SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 849BE1E8

 

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

 

Device \FileSystem\Fastfat \Fat 839AC7A0

 

AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

 

---- EOF - GMER 1.0.15 ----

 

 

This is the full scan log:

 

 

 

 

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-12 19:53:57

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB616D906]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB616CE66]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB616D4C2]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB616E0D0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB616CBC0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB616EDC0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB616DAEC]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB616C796]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB616DD3A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB616DEEA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB616C4F8]

SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]

SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB616EA42]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB616D0AC]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB616D6FA]

SSDT sptd.sys ZwOpenKey [0xB9EC00B0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB616C228]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB616D33C]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB616C3A0]

SSDT sptd.sys ZwQueryKey [0xB9EC6292]

SSDT sptd.sys ZwQueryValueKey [0xB9EC6112]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB616E496]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB616CCDE]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB616E7FA]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB616EBF0]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB616E296]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB616D046]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB616D230]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB616CA8A]

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB616C958]

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP C2B616DE

.text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D20 4 Bytes JMP C52CB616

? D:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.

.text USBPORT.SYS!DllUnload B90768AC 5 Bytes JMP 846B31C8

? System32\Drivers\ahvy4zx3.SYS The system cannot find the path specified. !

 

---- User code sections - GMER 1.0.15 ----

 

.text D:\WINDOWS\system32\rundll32.exe[240] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\rundll32.exe[240] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\rundll32.exe[240] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text E:\AVG\avgnsx.exe[296] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgnsx.exe[296] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[448] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[448] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\RUNDLL32.EXE[544] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\M-AudioTaskBarIcon.exe[564] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Mozilla Firefox\firefox.exe[608] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jusched.exe[612] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text E:\AVG\avgwdsvc.exe[632] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgwdsvc.exe[632] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Bonjour\mDNSResponder.exe[740] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\services.exe[764] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\services.exe[764] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\lsass.exe[776] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\lsass.exe[776] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe[844] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[964] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[964] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00375810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00375740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003753D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003716D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00371550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00371860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00371230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003713C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [45, 88]

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003750E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\COMODO\Firewall\cmdagent.exe[1096] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00375260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\System32\svchost.exe[1152] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\System32\svchost.exe[1152] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[1204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text E:\Spybot - Search & Destroy\TeaTimer.exe[1284] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFEE

Edited by AbsurdNY

AbsurdNY   

.text D:\WINDOWS\system32\svchost.exe[1376] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[1376] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\spoolsv.exe[1556] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\LEXPPS.EXE[1564] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[1640] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1692] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Java\jre6\bin\jqs.exe[1708] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Google\Update\GoogleUpdate.exe[1880] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\AIM6\aolsoftware.exe[1932] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aolsoftware.exe[1932] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\Explorer.EXE[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\Explorer.EXE[1936] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\AIM6\aim6.exe[2060] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\AIM6\aim6.exe[2060] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[2076] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\IoctlSvc.exe[2112] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\PnkBstrA.exe[2124] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\svchost.exe[2240] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\svchost.exe[2240] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text E:\AVG\avgemc.exe[2304] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text E:\AVG\avgemc.exe[2304] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003A5810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003A5740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003A53D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003A16D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003A1550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003A1860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003A1230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003A13C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [48, 88]

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003A50E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2344] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003A5260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\notepad.exe[3336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3336] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\WINDOWS\system32\notepad.exe[3444] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\WINDOWS\system32\notepad.exe[3444] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[3476] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Documents and Settings\Absurd\Desktop\gmer\gmer.exe[3664] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 D:\WINDOWS\system32\guard32.dll

.text D:\Program Files\Internet Download Manager\IEMonitor.exe[3844] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 D:\WINDOWS\system32\guard32.dll

Edited by AbsurdNY

AbsurdNY   

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EC0AD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EC0C1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EC0B9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EC1748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EC161E] sptd.sys

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [b9D18990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [b9D18990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [b9D18990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [b9D18990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b9D18990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b9D18950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b9D18770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b9D18710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aolsoftware.exe[1932] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [015FA621] d:\program files\aim6\services\imApp\ver6_9_15_1\imAppService.dll (imAppService EE Application Service/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT D:\Program Files\AIM6\aim6.exe[2060] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] D:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 849BE1E8

 

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

 

Device \FileSystem\Fastfat \FatCdrom 839AC7A0

 

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

 

Device \Driver\NetBT \Device\NetBT_Tcpip_{F2D3389C-9E25-4EA2-94FB-5051F48C68FB} 842645C0

Device \Driver\usbohci \Device\USBPDO-0 846B21E8

Device \Driver\usbehci \Device\USBPDO-1 846A61E8

Device \Driver\PCI_NTPNP2794 \Device\00000055 sptd.sys

 

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

 

Device \Driver\prodrv06 \Device\ProDrv06 E1FEC008

Device \Driver\Ftdisk \Device\HarddiskVolume1 849C01E8

Device \Driver\Ftdisk \Device\HarddiskVolume2 849C01E8

Device \Driver\Cdrom \Device\CdRom0 8469A1E8

Device \Driver\Ftdisk \Device\HarddiskVolume3 849C01E8

Device \Driver\Cdrom \Device\CdRom1 8469A1E8

Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdePort1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\nvata \Device\00000073 849BF1E8

Device \Driver\nvata \Device\00000073 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\Ftdisk \Device\HarddiskVolume4 849C01E8

Device \Driver\Ftdisk \Device\HarddiskVolume5 849C01E8

Device \Driver\Ftdisk \Device\HarddiskVolume6 849C01E8

Device \Driver\prohlp02 \Device\ProHlp02 E19BD7D8

Device \Driver\NetBT \Device\NetBt_Wins_Export 842645C0

Device \Driver\NetBT \Device\NetbiosSmb 842645C0

 

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

 

Device \Driver\usbohci \Device\USBFDO-0 846B21E8

Device \Driver\usbehci \Device\USBFDO-1 846A61E8

Device \Driver\nvata \Device\NvAta0 849BF1E8

Device \Driver\nvata \Device\NvAta0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 842527A0

Device \Driver\nvata \Device\NvAta1 849BF1E8

Device \Driver\nvata \Device\NvAta1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \FileSystem\MRxSmb \Device\LanmanRedirector 842527A0

Device \Driver\Ftdisk \Device\FtControl 849C01E8

Device \Driver\ahvy4zx3 \Device\Scsi\ahvy4zx31Port4Path0Target0Lun0 8468D1E8

Device \Driver\ahvy4zx3 \Device\Scsi\ahvy4zx31Port4Path0Target0Lun0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \Driver\ahvy4zx3 \Device\Scsi\ahvy4zx31 8468D1E8

Device \Driver\ahvy4zx3 \Device\Scsi\ahvy4zx31 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device \FileSystem\Fastfat \Fat 839AC7A0

 

AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

Device \FileSystem\Cdfs \Cdfs 844F87A0

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xE0 0x9D 0x94 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC2 0xB3 0x21 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xD9 0x30 0x27 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xE0 0x9D 0x94 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC2 0xB3 0x21 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0xB6 0xCD 0x81 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0xE0 0x9D 0x94 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA5 0xC2 0xB3 0x21 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x12 0xD9 0x30 0x27 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version

Reg HKLM\SOFTWARE\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version@Version 0xAC 0x6B 0x4E 0xF9 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}@Model 194

Reg HKLM\SOFTWARE\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}@Therad 15

Reg HKLM\SOFTWARE\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}@MData 0x2B 0x8F 0x78 0x29 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x7B 0x84 0x7B 0x03 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xCD 0x56 0xA9 0x70 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}@Model 124

Reg HKLM\SOFTWARE\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}@Therad 30

Reg HKLM\SOFTWARE\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}@MData 0x2B 0x8F 0x78 0x29 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}@hafdokpcgjhpicod 0x6E 0x62 0x61 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}@jafdokpcgjhpicodiifh 0x66 0x61 0x61 0x6C ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}@panepddoiadpipfamhcalkabhkefmmlo 0x65 0x61 0x61 0x6C ...

 

---- EOF - GMER 1.0.15 ----

Edited by AbsurdNY

Katana   

There is no obvious sign of infection, let's dig a bit deeper.

 

Information

 

The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations

 

Spy Hunter << Used to be listed as Rogue

 

I recommend that you remove it via Add/Remove Programs

 

----------------------------------------------------------------------------------------

Step 1

 

Malwarebytes' Anti-Malware

I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------

Step 2

 

 

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

 

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply

  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

----------------------------------------------------------------------------------------

Step 3

 

Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

 

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on !

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

 

 

**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

 

 

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

  • MalwareBytes Log
  • ComboFix Log
  • Kaspersky Log
  • How are things running now ?

 

---------------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------------

Additional Notes

 

 

 

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

 

Adobe Reader is a large program and uses unnecessary space.

If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

AbsurdNY   

Here are the MBAM and the Combofix logs. The Kaspersky scan is still running and is going to take a while to finish because it has been running for over 7 hours and it's only 52% finished. It has found 13 infected objects so far though. Also, I shut down my AVG virus software in the taskbar but it did not shut down the whole program and I could not figure out how to shut the whole thing down. I tried with the task manager but it just kept coming back.

 

Malwarebytes' Anti-Malware 1.38

Database version: 2420

Windows 5.1.2600 Service Pack 3

 

7/13/2009 8:16:09 PM

mbam-log-2009-07-13 (20-16-09).txt

 

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)

Objects scanned: 779876

Time elapsed: 6 hour(s), 38 minute(s), 49 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

ComboFix 09-07-13.01 - Absurd 07/13/2009 20:38.6.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2367 [GMT -4:00]

Running from: d:\documents and settings\Absurd\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

d:\$recycle.bin\S-1-5-21-1092947429-3021453888-962744471-1000

d:\windows\system32\Drivers\yndtahyu.sys

d:\windows\system32\lsprst7.dll

d:\windows\system32\msvcsv60.dll

d:\windows\system32\sliblww.dll

d:\windows\system32\soleth.dll

d:\windows\system32\sslibjte.dll

d:\windows\system32\sslibjye.dll

d:\windows\system32\sslibrty.dll

d:\windows\system32\sslibsfh.dll

d:\windows\system32\sslibytr.dll

d:\windows\system32\ssprs.dll

d:\windows\system32\tmp83.tmp

d:\windows\system32\tmp84.tmp

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_flcz

 

 

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))

.

 

2009-07-12 22:55 . 2009-07-12 22:56 -------- d-----w- D:\rsit

2009-07-11 13:08 . 2009-07-11 13:13 -------- d-----w- d:\documents and settings\Absurd\Application Data\vlc

2009-07-11 12:59 . 2009-07-11 08:01 2052888 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-07-11 10:45 . 2009-07-13 14:28 -------- d--h--w- D:\$AVG8.VAULT$

2009-07-11 10:30 . 2009-06-14 20:07 1004800 ----a-w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-07-11 08:09 . 2009-07-11 11:09 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-11 08:06 . 2009-07-11 08:06 -------- d-----w- d:\documents and settings\Absurd\Local Settings\Application Data\AVG Security Toolbar

2009-07-11 08:02 . 2009-07-11 08:02 11952 ----a-w- d:\windows\system32\avgrsstx.dll

2009-07-11 08:02 . 2009-07-11 08:02 327688 ----a-w- d:\windows\system32\drivers\avgldx86.sys

2009-07-11 08:02 . 2009-07-11 08:02 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys

2009-07-11 08:02 . 2009-07-13 22:20 -------- d-----w- d:\windows\system32\drivers\Avg

2009-07-11 08:02 . 2009-07-11 10:30 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-07-11 08:01 . 2009-07-11 08:01 108552 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2009-07-10 21:29 . 2009-07-10 21:29 -------- d-----w- d:\program files\ERUNT

2009-07-10 20:10 . 2009-07-11 16:33 -------- d-----w- d:\documents and settings\Absurd\Application Data\REAPER

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\windows\system32\wbem\Repository

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\windows\nview

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\program files\AMD

2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- d:\program files\AGEIA Technologies

2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- d:\windows\system32\AGEIA

2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- D:\NVIDIA

2009-07-10 18:22 . 2009-07-10 18:22 -------- d-----w- d:\windows\nview(2)

2009-07-10 17:54 . 2009-07-10 18:31 -------- d-----w- d:\program files\Driver Sweeper

2009-07-10 17:02 . 2009-07-10 17:02 152576 ----a-w- d:\documents and settings\Absurd\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-10 12:15 . 2009-07-10 12:42 -------- d-----w- d:\documents and settings\Studio\Application Data\Digidesign

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Application Data\Waves Audio

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Local Settings\Application Data\Apple Computer

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Application Data\M-Audio

2009-07-10 12:10 . 2009-07-10 12:15 -------- d-----w- d:\documents and settings\Studio\Application Data\PACE Anti-Piracy

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Local Settings\Application Data\PACE Anti-Piracy

2009-07-07 17:27 . 2008-05-15 21:45 356864 ----a-w- d:\windows\system32\M-AudioTaskBarIcon.exe

2009-07-07 17:27 . 2008-03-11 20:37 143624 ----a-w- d:\windows\system32\drivers\mausb.sys

2009-07-07 17:27 . 2008-03-11 20:37 28680 ----a-w- d:\windows\system32\mausbasio.dll

2009-07-07 17:27 . 2008-03-11 20:37 2519712 ----a-w- d:\windows\system32\madiousb.dll

2009-07-06 22:05 . 2009-07-06 22:06 88616 ----a-w- d:\documents and settings\stickam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-05 23:26 . 2009-07-05 23:26 -------- d-----w- d:\documents and settings\Absurd\Application Data\Ubisoft

2009-07-03 23:08 . 2009-07-03 23:08 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe

2009-07-03 22:51 . 2009-07-03 22:51 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe

2009-07-03 22:45 . 2009-07-03 22:45 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe

2009-07-03 22:01 . 2009-07-03 22:01 -------- d-----w- d:\program files\Toontrack

2009-07-03 17:30 . 2001-11-19 23:05 3972 ----a-w- d:\windows\system32\drivers\PciBus.sys

2009-07-03 17:30 . 2004-06-22 19:44 5632 ----a-w- d:\windows\system32\drivers\Entech64.sys

2009-07-03 03:18 . 2009-03-27 05:16 12672 ----a-w- d:\windows\system32\drivers\cpuz132_x32.sys

2009-07-03 01:24 . 2009-07-03 01:24 -------- d-----w- d:\windows\system32\windows media

2009-07-03 00:06 . 2009-03-09 19:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll

2009-07-03 00:06 . 2009-03-09 19:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll

2009-07-03 00:06 . 2009-03-09 19:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll

2009-07-03 00:06 . 2009-03-16 18:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll

2009-07-03 00:06 . 2009-03-16 18:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll

2009-07-03 00:06 . 2009-03-16 18:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll

2009-07-03 00:06 . 2009-03-16 18:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll

2009-07-02 18:39 . 2009-07-02 18:39 -------- d-----w- d:\program files\Common Files\aliaswavefront shared

2009-07-02 18:39 . 2009-07-02 18:39 -------- d-----w- d:\program files\Common Files\Alias Shared

2009-07-02 18:38 . 2009-07-02 23:45 -------- d-----w- d:\program files\Microsoft DirectX SDK (April 2007)

2009-07-01 06:21 . 2006-04-14 19:00 208896 ------w- d:\windows\system32\nvuide.exe

2009-07-01 02:31 . 2009-06-08 13:20 198064 ----a-w- d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

2009-06-30 17:24 . 2005-08-30 20:19 1052672 ----a-w- d:\documents and settings\Absurd\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll

2009-06-29 11:37 . 2009-06-29 11:37 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2009-06-29 11:37 . 2008-08-17 11:39 2928992 -c--a-r- d:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

2009-06-29 11:31 . 2009-06-29 11:31 -------- d-----w- d:\program files\Electronic Arts

2009-06-29 11:30 . 2009-07-11 10:11 1942 ----a-w- d:\windows\system32\ealregsnapshot1.reg

2009-06-27 16:32 . 2009-06-27 16:32 -------- d-----w- d:\documents and settings\Absurd\Application Data\KORG

2009-06-27 15:54 . 2009-06-27 15:54 -------- d-----w- d:\documents and settings\All Users\Application Data\KORG

2009-06-27 15:54 . 2009-06-27 15:54 -------- d-----w- d:\program files\Common Files\KORG

2009-06-27 14:32 . 2009-06-27 14:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Codemasters

2009-06-27 14:31 . 2009-07-03 17:30 86016 ----a-w- d:\windows\system32\OpenAL32.dll

2009-06-27 14:31 . 2009-07-03 03:29 -------- d-----w- d:\program files\OpenAL

2009-06-27 14:31 . 2009-06-27 14:31 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2009-06-27 05:22 . 2007-02-26 22:15 61984 ----a-w- d:\windows\system32\drivers\xusb21.sys

2009-06-27 05:22 . 2007-02-26 22:15 1421216 ----a-w- d:\windows\system32\WdfCoInstaller01001.dll

2009-06-27 05:22 . 2009-06-27 05:22 -------- d-----w- d:\program files\Microsoft Xbox 360 Accessories

2009-06-25 07:39 . 2009-06-25 07:39 -------- d-----w- d:\documents and settings\Absurd\Application Data\M-Audio

2009-06-25 04:19 . 2003-02-27 01:27 36864 ----a-w- d:\windows\system32\wbsys.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\sysprs7.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\clauth2.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\clauth1.dll

2009-06-25 00:48 . 2005-05-10 00:08 33792 ----a-w- d:\windows\system32\drivers\cledx.sys

2009-06-25 00:47 . 2002-11-25 18:46 16896 ----a-w- d:\windows\system32\drivers\synasUSB.sys

2009-06-25 00:47 . 2002-11-25 21:36 45056 ----a-w- d:\windows\system32\Synsopos.exe

2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- d:\program files\Syncrosoft

2009-06-25 00:47 . 2005-02-01 08:34 700416 ----a-w- d:\windows\system32\SYNSOACC.dll

2009-06-25 00:47 . 2004-05-11 04:58 147456 ----a-w- d:\windows\system32\SynsoLChk.dll

2009-06-25 00:47 . 2001-04-09 18:03 17784 ----a-w- d:\windows\system32\drivers\NSynas32.sys

2009-06-23 07:43 . 2009-06-23 07:43 -------- d-----w- d:\documents and settings\Absurd\G-Force V-Bar

2009-06-23 07:30 . 2009-06-23 07:51 -------- d-----w- d:\documents and settings\Absurd\G-Force

2009-06-23 07:30 . 2009-06-23 07:30 -------- d-----w- d:\program files\SoundSpectrum

2009-06-23 07:30 . 2009-06-23 07:30 -------- d-----w- d:\program files\Common Files\Real

2009-06-23 07:11 . 2009-06-23 07:14 -------- d-----w- d:\documents and settings\All Users\Application Data\ElectricSheep

2009-06-23 05:11 . 2009-06-23 05:11 -------- d-----w- d:\documents and settings\Absurd\Application Data\dBpoweramp

2009-06-22 14:45 . 2009-06-22 14:45 -------- d-----w- d:\program files\Common Files\Voyetra

2009-06-22 14:33 . 2009-06-22 14:33 198064 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2009-06-22 13:29 . 2006-07-02 02:39 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys

2009-06-22 13:13 . 2009-07-11 10:10 -------- d-----w- d:\documents and settings\Absurd\Local Settings\Application Data\eSupport.com

2009-06-22 12:06 . 2009-06-22 12:06 -------- d-----w- d:\windows\system32\Lang

2009-06-22 11:57 . 2009-02-09 06:34 35840 ----a-w- d:\windows\system32\RtkCoInstXP.dll

2009-06-22 11:49 . 2006-12-18 20:33 356352 ----a-w- d:\windows\system32\nvusmb.exe

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1034.dll

2009-06-22 11:47 . 2006-02-17 16:27 158720 ----a-w- d:\windows\system32\fdco_l1046.dll

2009-06-22 11:47 . 2006-02-17 16:27 156672 ----a-w- d:\windows\system32\fdco_l1042.dll

2009-06-22 11:47 . 2006-02-17 16:27 156672 ----a-w- d:\windows\system32\fdco_l1041.dll

2009-06-22 11:47 . 2006-02-17 16:27 158720 ----a-w- d:\windows\system32\fdco_l1040.dll

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1031.dll

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1036.dll

2009-06-22 11:47 . 2006-02-17 16:27 155136 ----a-w- d:\windows\system32\fdco_l2052.dll

2009-06-22 11:47 . 2006-02-17 16:27 155648 ----a-w- d:\windows\system32\fdco_l1028.dll

2009-06-22 11:47 . 2006-02-17 16:26 9728 ----a-w- d:\windows\system32\bdco1ins.dll

2009-06-22 07:35 . 2009-06-22 07:35 -------- d-----w- d:\windows\system32\Futuremark

2009-06-22 07:35 . 2008-09-17 18:14 27672 ----a-r- d:\windows\system32\drivers\Entech.sys

2009-06-22 01:52 . 2009-06-22 01:52 -------- d-----w- d:\documents and settings\Absurd\Application Data\AccurateRip

2009-06-22 01:52 . 2009-06-22 01:52 13841 ----a-w- d:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-06-22 01:52 . 2008-06-06 15:32 5082488 ----a-w- d:\windows\system32\SpoonUninstall.exe

2009-06-21 23:15 . 2009-06-21 23:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Steinberg

2009-06-21 23:11 . 2009-06-21 23:24 -------- d-----w- d:\documents and settings\Absurd\Application Data\Steinberg

2009-06-21 22:33 . 2009-06-21 22:33 -------- d-----w- d:\documents and settings\Absurd\TruePianos Settings

2009-06-21 22:15 . 2009-06-21 22:15 118784 ----a-w- d:\windows\dsdxirmv.exe

2009-06-19 23:03 . 2009-06-19 23:03 -------- d-----w- d:\documents and settings\Absurd\Application Data\Yahoo!

2009-06-19 23:02 . 2009-07-08 16:12 -------- d-----w- d:\program files\Yahoo!

2009-06-19 22:59 . 2009-06-19 22:59 -------- d-----w- d:\documents and settings\Absurd\Application Data\TweakNow RegCleaner

2009-06-19 21:43 . 2009-06-19 21:43 -------- d-----w- d:\documents and settings\Absurd\Application Data\Auslogics

2009-06-19 21:43 . 2009-06-19 21:43 -------- d-----w- d:\program files\Auslogics

2009-06-19 13:55 . 2009-06-19 13:55 -------- d-----w- d:\program files\LUXONIX

2009-06-19 13:33 . 2009-06-21 22:32 -------- d-----w- d:\documents and settings\Absurd\Application Data\Cakewalk

2009-06-19 13:33 . 2009-06-25 00:40 -------- d-----w- d:\documents and settings\All Users\Application Data\Cakewalk

2009-06-19 11:56 . 2009-06-19 11:57 -------- d-----w- d:\windows\UltraDefrag

 

.

Edited by AbsurdNY

AbsurdNY   

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-14 01:08 . 2008-04-05 03:41 -------- d-----w- d:\documents and settings\Absurd\Application Data\DMCache

2009-07-14 00:59 . 2008-05-04 09:02 -------- d-----w- d:\documents and settings\Absurd\Application Data\IDM

2009-07-13 17:22 . 2008-04-03 07:33 -------- d-----w- d:\program files\Enigma Software Group

2009-07-11 18:01 . 2008-04-09 03:32 -------- d-----w- d:\documents and settings\Absurd\Application Data\Digidesign

2009-07-11 17:52 . 2008-06-20 23:23 208 ----a-w- d:\windows\msocreg32.dat

2009-07-11 10:38 . 2008-04-02 18:43 56656 ----a-w- d:\documents and settings\Absurd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-11 10:35 . 2008-06-23 00:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint

2009-07-11 10:35 . 2008-04-02 18:36 -------- d--h--w- d:\program files\InstallShield Installation Information

2009-07-11 10:31 . 2009-01-19 08:59 -------- d-----w- d:\documents and settings\Absurd\Application Data\SUPERAntiSpyware.com

2009-07-11 10:31 . 2009-01-19 08:31 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard

2009-07-11 10:31 . 2009-01-19 08:59 -------- d-----w- d:\program files\SUPERAntiSpyware

2009-07-11 10:24 . 2008-04-02 23:20 -------- d-----w- d:\program files\Common Files\Apple

2009-07-11 10:15 . 2009-01-27 04:01 -------- d-----w- d:\program files\HotItemFinder

2009-07-11 10:14 . 2008-11-15 04:19 -------- d-----w- d:\program files\Matroska Pack

2009-07-11 10:09 . 2009-01-23 05:36 -------- d-----w- d:\program files\InventoryBuilder

2009-07-11 10:09 . 2009-01-27 03:43 -------- d-----w- d:\program files\AuctionYen

2009-07-11 09:00 . 2008-04-05 09:18 -------- d-----w- d:\program files\Common Files\Adobe

2009-07-11 08:14 . 2009-04-11 11:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Autodesk

2009-07-11 08:14 . 2009-04-11 11:51 -------- d-----w- d:\program files\Common Files\Autodesk Shared

2009-07-11 08:01 . 2008-10-28 00:25 -------- d-----w- d:\documents and settings\All Users\Application Data\avg8

2009-07-11 07:47 . 2009-06-04 22:12 1984 ----a-w- d:\windows\system32\d3d9caps.dat

2009-07-10 17:04 . 2009-02-22 19:28 -------- d-----w- d:\program files\Java

2009-07-10 11:53 . 2009-07-10 11:53 -------- d-----w- d:\documents and settings\Studio\Application Data\Logitech

2009-07-10 11:53 . 2009-07-10 11:53 88616 ----a-w- d:\documents and settings\Studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-07 21:36 . 2009-01-19 08:20 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2009-07-07 21:36 . 2009-02-16 06:10 3561743 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-07-07 17:26 . 2008-06-08 06:00 -------- d-----w- d:\program files\M-Audio

2009-07-07 03:58 . 2008-04-21 17:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft

2009-07-07 03:58 . 2008-08-15 12:55 -------- d-----w- d:\documents and settings\Absurd\Application Data\SystemRequirementsLab

2009-07-07 03:58 . 2008-08-15 12:55 -------- d-----w- d:\program files\SystemRequirementsLab

2009-07-07 03:57 . 2008-08-15 08:49 -------- d-----w- d:\program files\NVIDIA Corporation

2009-07-03 11:52 . 2008-11-17 19:49 -------- d-----w- d:\program files\Windows Media Connect 2

2009-07-03 11:31 . 2008-06-28 00:29 -------- d-----w- d:\program files\Drumagog40

2009-07-01 19:32 . 2008-04-09 10:09 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP

2009-07-01 12:59 . 2009-06-26 23:20 -------- d-----w- d:\program files\EVGA Precision

2009-06-29 11:44 . 2008-04-09 07:39 107888 ----a-w- d:\windows\system32\CmdLineExt.dll

2009-06-27 17:08 . 2008-04-06 06:22 -------- d-----w- d:\documents and settings\All Users\Application Data\PACE Anti-Piracy

2009-06-27 17:08 . 2008-04-06 06:22 -------- d-----w- d:\documents and settings\Absurd\Application Data\PACE Anti-Piracy

2009-06-27 05:22 . 2009-06-27 05:22 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2009-06-22 14:32 . 2008-05-04 09:02 -------- d-----w- d:\program files\Internet Download Manager

2009-06-22 01:44 . 2009-06-02 14:41 -------- d-----w- d:\documents and settings\Absurd\Application Data\Ableton

2009-06-20 08:34 . 2008-06-23 18:18 -------- d-----w- d:\program files\IK Multimedia

2009-06-19 23:15 . 2009-01-22 07:07 -------- d-----w- d:\program files\SmartFTP Client

2009-06-19 14:43 . 2009-06-03 05:50 -------- d-----w- d:\program files\Common Files\Native Instruments

2009-06-19 08:25 . 2008-04-03 02:16 -------- d-----w- d:\program files\GIGABYTE

2009-06-19 07:41 . 2008-04-07 15:51 24944 ----a-w- d:\windows\system32\drivers\GVTDrv.sys

2009-06-19 06:52 . 2008-08-02 06:37 -------- d-----w- d:\program files\ZModeler

2009-06-19 06:40 . 2009-06-12 08:20 -------- d-----w- d:\program files\McDSP

2009-06-19 06:36 . 2008-09-18 09:01 -------- d-----w- d:\program files\Google

2009-06-19 05:47 . 2009-04-10 10:48 -------- d-----w- d:\documents and settings\All Users\Application Data\Alibre Design

2009-06-18 12:35 . 2008-08-05 04:52 -------- d-----w- d:\program files\Native Instruments

2009-06-17 15:27 . 2009-01-19 08:21 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 15:27 . 2009-01-19 08:21 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-06-17 02:52 . 2008-07-14 18:29 -------- d-----w- d:\program files\AIM6

2009-06-17 02:49 . 2009-06-17 02:49 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL Downloads

2009-06-14 05:52 . 2008-06-21 22:09 -------- d-----w- d:\documents and settings\All Users\Application Data\IK Multimedia

2009-06-13 21:31 . 2009-06-13 21:31 -------- d-----w- d:\program files\Sonnox

2009-06-13 11:17 . 2009-06-13 11:17 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- d:\documents and settings\Absurd\Application Data\FabFilter

2009-06-12 09:52 . 2009-06-12 09:52 -------- d-----w- d:\program files\URS Plugins

2009-06-12 09:39 . 2009-06-12 09:39 27041 ----a-w- d:\windows\unins000.dat

2009-06-12 09:39 . 2009-06-12 09:39 -------- d-----w- d:\program files\Sonalksis

2009-06-12 09:39 . 2009-06-12 09:39 678746 ----a-w- d:\windows\unins000.exe

2009-06-12 09:37 . 2009-06-12 09:37 -------- d-----w- d:\program files\Vintage Amp Room

2009-06-12 09:35 . 2009-06-12 09:35 -------- d-----w- d:\program files\Serato

2009-06-12 09:30 . 2009-06-12 09:28 -------- d-----w- d:\program files\Roger Nichols Digital, Inc

2009-06-12 09:23 . 2009-06-12 09:23 -------- d-----w- d:\program files\Overloud

2009-06-12 09:23 . 2008-06-28 00:27 -------- d-----w- d:\program files\Nomad Factory

2009-06-12 09:16 . 2009-06-12 09:16 -------- d-----w- d:\program files\Flux

2009-06-12 09:16 . 2009-06-12 09:16 -------- d-----w- d:\program files\FabFilter

2009-06-12 09:14 . 2009-06-12 09:14 -------- d-----w- d:\program files\Brainworx Music

2009-06-12 09:14 . 2009-06-12 09:14 -------- d-----w- d:\program files\Common Files\Voce Spin

2009-06-12 09:12 . 2009-06-01 23:28 -------- d-----w- d:\program files\Digidesign

2009-06-12 09:01 . 2009-06-12 09:01 -------- d-----w- d:\program files\Common Files\Melodyne plugin

2009-06-12 09:01 . 2009-06-12 09:01 -------- d-----w- d:\program files\Celemony

2009-06-12 08:18 . 2008-06-27 23:42 -------- d-----w- d:\program files\Antares Audio Technologies

2009-06-09 20:48 . 2009-06-05 13:57 -------- d-----w- d:\documents and settings\Absurd\Application Data\Propellerhead Software

2009-06-09 20:43 . 2009-06-05 13:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Propellerhead Software

2009-06-06 14:15 . 2009-06-06 14:15 -------- d-----w- d:\documents and settings\Absurd\Application Data\UP

2009-06-06 08:07 . 2009-06-06 08:07 -------- d-----w- d:\documents and settings\Absurd\Application Data\MixMeister Technology

2009-06-06 06:35 . 2009-06-06 06:35 -------- d-----w- d:\program files\7-Zip

2009-06-02 14:41 . 2009-06-02 14:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Ableton

2009-06-02 13:54 . 2009-06-02 13:54 -------- d-----w- d:\program files\Sonik Synth 2 Free

2009-06-02 13:43 . 2009-06-02 13:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Structure

2009-06-01 13:20 . 2009-06-01 13:20 -------- d-----w- d:\program files\Common Files\Trillium Lane

2009-06-01 03:03 . 2008-05-10 04:32 67720 ---ha-w- d:\windows\system32\mlfcache.dat

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\ARPPRODUCTICON.exe

2009-05-31 22:25 . 2009-05-31 22:25 -------- d-----w- d:\program files\KORG

2009-05-30 19:25 . 2009-05-30 19:25 -------- d-----w- d:\documents and settings\Absurd\Application Data\Cycling '74

2009-05-30 18:17 . 2009-05-30 18:13 -------- d-----w- d:\program files\u-he

2009-05-30 18:17 . 2009-05-30 18:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Celemony Software GmbH

2009-05-29 20:13 . 2009-05-29 20:13 -------- d-----w- d:\program files\Common Files\C74 Plug-in Support

2009-05-29 20:13 . 2009-05-29 20:13 -------- d-----w- d:\program files\Cycling '74

2009-05-29 14:27 . 2009-05-29 14:27 -------- d--h--w- d:\documents and settings\Absurd\Application Data\FDBTemp

2009-05-21 15:33 . 2009-02-16 01:31 410984 ----a-w- d:\windows\system32\deploytk.dll

2009-05-19 05:36 . 2009-06-17 02:49 2884832 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe

2009-05-19 05:36 . 2009-06-17 02:49 28 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat

2009-06-13 21:43 . 2008-06-18 20:00 134648 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 20:07 1004800 ----a-w- e:\avg\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

"SpybotSD TeaTimer"="e:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\11b60ed9-558f-4a2f-bedc-e58aa3a9e0f8.exe" [2008-12-22 1830128]

"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-05-28 960944]

"EA Core"="d:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-12-25 86016]

"M-Audio Taskbar Icon"="d:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]

"COMODO Firewall Pro"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]

"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

"AVG8_TRAY"="e:\avg\avgtray.exe" [2009-07-11 1948440]

"XboxStat"="d:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]

"COMODO Internet Security"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]

"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-12-25 1657376]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2008-12-19 76304]

 

d:\documents and settings\Absurd\Start Menu\Programs\Startup\

Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-14 113664]

ERUNT AutoBackup.lnk - d:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-11 08:02 11952 ----a-w- d:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=d:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"Midi1"=ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=

backup=d:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WZCSVC"=2 (0x2)

"Viewpoint Manager Service"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=

"d:\\WINDOWS\\system32\\PnkBstrA.exe"=

"d:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe"=

"d:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"d:\\Program Files\\AIM6\\aim6.exe"=

"g:\\Avast\\avgupd.exe"=

"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Internet Download Manager\\IDMan.exe"=

"f:\\Games\\grid\\GRID.exe"=

"f:\\Games\\HAWX\\HAWX.exe"=

"f:\\Games\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=

"f:\\Games\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=

 

R0 DigiFilter;DigiFilter;d:\windows\system32\drivers\DigiFilt.sys [4/4/2008 4:21 AM 16384]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);d:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [7/11/2009 4:02 AM 327688]

R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [7/11/2009 4:01 AM 108552]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [7/8/2008 9:32 PM 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [7/8/2008 9:32 PM 31504]

R2 avg8emc;AVG Free8 E-mail Scanner;e:\avg\avgemc.exe [7/11/2009 4:01 AM 906520]

R2 avg8wd;AVG Free8 WatchDog;e:\avg\avgwdsvc.exe [7/11/2009 4:01 AM 298776]

R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [6/24/2009 8:48 PM 33792]

R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);d:\windows\system32\drivers\mausb.sys [7/7/2009 1:27 PM 143624]

R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;d:\windows\system32\drivers\superwebcam.sys [4/2/2008 4:50 PM 31872]

S2 gupdate1c9cd3721a28848;Google Update Service (gupdate1c9cd3721a28848);d:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:08 AM 133104]

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys --> d:\windows\system32\drivers\Ambfilt.sys [?]

S3 cpuz130;cpuz130;\??\d:\docume~1\Absurd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\Absurd\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 cpuz132;cpuz132;d:\windows\system32\drivers\cpuz132_x32.sys [7/2/2009 11:18 PM 12672]

S3 ETDrv;ETDrv;d:\windows\system32\drivers\ETDrv.sys [6/19/2009 4:28 AM 185280]

S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [4/7/2008 11:51 AM 24944]

S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);d:\windows\system32\drivers\mausb.sys [7/7/2009 1:27 PM 143624]

S3 ultradfg;ultradfg;d:\windows\system32\drivers\ultradfg.sys [5/13/2009 10:37 AM 33792]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;d:\windows\system32\DRIVERS\WMP300Nv1.sys --> d:\windows\system32\DRIVERS\WMP300Nv1.sys [?]

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-14 d:\windows\Tasks\GoogleUpdateTaskMachine.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 04:08]

 

2009-07-07 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-03 15:45]

 

2008-04-03 d:\windows\Tasks\Uniblue SpeedUpMyPC.job

- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-03 15:45]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Aim6 - (no file)

HKLM-Run-RivaTunerStartupDaemon - c:\rivatuner\RivaTuner v2.24\RivaTuner.exe

HKLM-Run-Flashget - (no file)

Notify-!SASWinLogon - (no file)

 

 

.

AbsurdNY   

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Download All Links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm

Trusted Zone: stickam.com\www

FF - ProfilePath - d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - component: d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

FF - component: e:\avg\Firefox\components\avgssff.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\opera\program\plugins\NP_IDM1.dll

FF - plugin: c:\opera\program\plugins\NP_IDM2.dll

FF - plugin: c:\opera\program\plugins\NP_IDM3.dll

FF - plugin: c:\opera\program\plugins\NP_IDM4.dll

FF - plugin: c:\opera\program\plugins\NP_IDM5.dll

FF - plugin: c:\opera\program\plugins\npdsplay.dll

FF - plugin: c:\opera\program\plugins\NPFgc1.dll

FF - plugin: c:\opera\program\plugins\NPFgc2.dll

FF - plugin: c:\opera\program\plugins\NPFgc3.dll

FF - plugin: c:\opera\program\plugins\npwmsdrm.dll

FF - plugin: d:\program files\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: g:\downloads\adobe\Reader\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 21:07

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"hafdokpcgjhpicod"=hex:6e,62,61,6c,69,70,69,6e,6c,63,6a,62,6e,62,62,62,6e,6b,

6f,63,69,62,6d,68,62,6f,6b,63,65,6f,6e,69,6f,6d,68,70,6c,64,62,67,6d,6f,64,\

"jafdokpcgjhpicodiifh"=hex:66,61,61,6c,6b,70,6a,62,6a,62,6c,69,00,06

"panepddoiadpipfamhcalkabhkefmmlo"=hex:65,61,61,6c,6c,70,70,61,68,66,00,69

 

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:3c,10,da,82,f9,db,48,11,d9,7f,fc,87,ab,11,47,28,5a,3f,7b,4b,1d,45,f1,

41,84,42,6d,4d,3d,24,51,57,25,d2,27,c9,eb,65,bd,32,54,d2,f5,3e,10,ea,57,f8,\

"??"=hex:aa,f8,e9,f9,d4,11,1c,24,45,24,ef,c9,3e,c1,c2,96

 

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:7f,5a,ee,e1,27,1d,17,9c,36,3c,78,71,ae,d6,9c,1e,4d,33,67,56,28,

70,43,0c,e7,34,59,53,55,98,35,09,42,cb,42,d4,b6,5f,34,0c,d9,f6,28,24,d8,4e,\

"rkeysecu"=hex:a6,7d,d7,1e,77,4c,df,e3,ce,92,66,7b,ba,f5,0f,50

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]

"Version"=hex:ac,6b,4e,f9,2e,07,46,fc,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,

30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,18,29,be,30,0c,b0,01,30,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}]

@Denied: (Full) (Everyone)

"Model"=dword:000000c2

"Therad"=dword:0000000f

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):7b,84,7b,03,0a,a5,a2,62,4b,84,89,32,ad,57,a2,5d,12,ea,b6,3c,50,

6b,fd,90,36,06,f2,1d,df,0a,0c,f7,60,b0,95,3b,90,69,bd,1c,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):cd,56,a9,70,ca,1a,9c,a7,01,d5,66,44,1a,d2,f0,46,22,95,6b,de,bc,

28,54,81,bb,c5,ae,20,82,16,74,d3,0a,1b,7c,5b,63,37,84,0f,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}]

@Denied: (Full) (Everyone)

"Model"=dword:0000007c

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(720)

d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

d:\program files\common files\logishrd\bluetooth\LBTServ.dll

d:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'explorer.exe'(1892)

d:\windows\system32\nview.dll

d:\windows\system32\msi.dll

d:\windows\system32\WPDShServiceObj.dll

d:\program files\SmartFTP Client\smarthook.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\windows\system32\LEXBCES.EXE

d:\windows\system32\LEXPPS.EXE

d:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

d:\program files\Bonjour\mDNSResponder.exe

d:\program files\COMODO\Firewall\cmdagent.exe

g:\digidesign\Digidesign\Drivers\MMERefresh.exe

d:\program files\Java\jre6\bin\jqs.exe

d:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

e:\avg\avgrsx.exe

e:\avg\avgnsx.exe

d:\program files\NVIDIA Corporation\nTune\nTuneService.exe

d:\windows\system32\nvsvc32.exe

d:\windows\system32\IoctlSvc.exe

d:\windows\system32\PnkBstrA.exe

d:\windows\system32\rundll32.exe

d:\windows\system32\rundll32.exe

e:\avg\avgcsrvx.exe

d:\program files\Common Files\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2009-07-14 21:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-14 01:13

 

Pre-Run: 4,706,291,712 bytes free

Post-Run: 4,595,122,176 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

512 --- E O F --- 2009-07-04 07:00

AbsurdNY   

Ok something keeps happening when I run Kaspersky and it keeps freezing up on me. I let it go for about 8 hours and then it froze, but it did say it found 13 infections. Is there an offline version of Kaspersky I can run?

Katana   

Is there an offline version of Kaspersky I can run?

Unfortunately no.

 

Try this scan instead

 

 

Active Scan

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Please go to this site Link >> ActiveScan << LINK

  • Click the Scan Now button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small export to notepad button and save the report to your desktop.
  • Please post the report in your reply.

AbsurdNY   

Ok this scanner is also having trouble running. It just gets stuck at 22% and does not scan any more files. I am going to try to use the Kaspersky scan one more time but this time I will run it in I.E. 8 instead of Firefox. Hopefully this works.

 

Here is what the ActiveScan 2.0 scan found up until it got stuck at 22%:

 

Files scanned: 345639

Files infected: 4

Suspicious files detected: 0

Vulnerabilities detected: 0

 

I will try to run Kaspersky once more and report back.

AbsurdNY   

Finally the Kaspersky scan finished. It only took 18 and a half hours lol. Here is the log.

 

By the way, the D drive is my system drive. The C drive shows that it has a Windows system32 folder in it but that was an old folder. I used to have Windows installed on that hard drive. When I did a fresh install of Windows I used a different drive and I did not format the C drive because I had a lot of important data on there. I went in manually to the C drive to delete the Windows folder that was no longer used and I was able to delete most of it but a couple folders said access denied and would not let me delete them.

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Wednesday, July 15, 2009

Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Wednesday, July 15, 2009 09:44:33

Records in database: 2470652

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

J:\

K:\

 

Scan statistics:

Files scanned: 644028

Threat name: 9

Infected objects: 17

Suspicious objects: 0

Duration of the scan: 18:27:22

 

 

File name / Threat name / Threats count

C:\Draw 1\MioPocket_2.0_Release_32\MioAutoRun\Skin\GSThemes\showmio.exe Infected: Trojan-SMS.WinCE.Redoc.r 1

C:\windows\system32\drivers\setup\cmd.txt Infected: Trojan.BAT.Runner.s 1

C:\windows\system32\drivers\setup\hosts\hostsmon.exe Infected: Backdoor.Win32.Small.eiu 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0169493.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0171101.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0172092.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173084.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0173504.exe Infected: Virus.Win32.Virut.q 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0174204.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0175422.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0180680.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\A0189344.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

D:\Documents and Settings\Absurd\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1

H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3IGE3Y7\wait[1].htm Infected: Trojan-Downloader.JS.Iframe.bew 1

H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEGLK3IY\ve[1].png Infected: Trojan.JS.Agent.ajr 1

H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9XJURSA\update[1].htm Infected: Trojan-Downloader.JS.LuckySploit.q 1

H:\Users\Absurd\AppData\Local\Temp\idman517.exe Infected: Trojan-PSW.Win32.Agent.nht 1

 

The selected area was scanned.

Edited by AbsurdNY

Katana   

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\Draw 1\MioPocket_2.0_Release_32\MioAutoRun\Skin\GSThemes\showmio.exe
    H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3IGE3Y7\wait[1].htm
    H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEGLK3IY\ve[1].png
    H:\Users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9XJURSA\update[1].htm
    H:\Users\Absurd\AppData\Local\Temp\idman517.exe
    Folder::
    C:\windows\system32\drivers\setup
    D:\Documents and Settings\Absurd\DoctorWeb\Quarantine
    Driver::
    cpuz130
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"=-
    REGLOCKDEL::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{524c79c3-e349-42ec-ac21-97f6e2154ab8}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{81206d2a-a17d-4619-be46-ef500303c97f}]
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1727FC36-5D3D-4896-9DEE-AFE8A6A530BF}\Version*Version]
    [HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43994940-0A76-B9E2-F1CB-C506B574D3E1}*]
    ADS::
  • Save this as CFScript.txt and place it on your desktop.

     

     

    Posted Image

     

     

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

 

 

How are things running now?

AbsurdNY   

Things seem like they are running the same to tell you the truth. The audio is still cutting out on most audio programs and the system seems like it lags a lot more than it normally used to a couple weeks ago. Here is the ComboFix log:

 

ComboFix 09-07-14.08 - Absurd 07/16/2009 6:37.7.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2507 [GMT -4:00]

Running from: d:\documents and settings\Absurd\Desktop\ComboFix.exe

Command switches used :: d:\documents and settings\Absurd\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 

FILE ::

"c:\draw 1\MioPocket_2.0_Release_32\MioAutoRun\Skin\GSThemes\showmio.exe"

"h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3IGE3Y7\wait[1].htm"

"h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEGLK3IY\ve[1].png"

"h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9XJURSA\update[1].htm"

"h:\users\Absurd\AppData\Local\Temp\idman517.exe"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\draw 1\MioPocket_2.0_Release_32\MioAutoRun\Skin\GSThemes\showmio.exe

c:\windows\system32\drivers\setup

c:\windows\system32\drivers\setup\cmd.txt

c:\windows\system32\drivers\setup\hosts\hostsmon.exe

c:\windows\system32\drivers\setup\hosts\server.txt

c:\windows\system32\drivers\setup\irc\server.txt

c:\windows\system32\drivers\setup\mswinsck.ocx

c:\windows\system32\drivers\setup\servers.txt

c:\windows\system32\drivers\setup\startup.reg

d:\$recycle.bin\S-1-5-21-1092947429-3021453888-962744471-1000

d:\documents and settings\Absurd\DoctorWeb\Quarantine

d:\windows\system32\msvcsv60.dll

h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D3IGE3Y7\wait[1].htm

h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KEGLK3IY\ve[1].png

h:\users\Absurd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9XJURSA\update[1].htm

h:\users\Absurd\AppData\Local\Temp\idman517.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CPUZ130

-------\Service_cpuz130

 

 

((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))

.

 

2009-07-16 10:01 . 2009-07-16 10:01 -------- d-sh--w- d:\documents and settings\LocalService\IETldCache

2009-07-16 09:45 . 2009-07-16 09:45 -------- d-----w- d:\program files\Common Files\Diskeeper Corporation

2009-07-16 09:45 . 2009-07-16 09:45 -------- d-----w- d:\documents and settings\All Users\Application Data\Diskeeper Corporation

2009-07-16 09:34 . 2009-07-16 09:34 -------- d-----w- d:\documents and settings\Absurd\Application Data\Desktopicon

2009-07-15 08:10 . 2009-07-15 11:00 -------- d-----w- d:\program files\SynthEdit

2009-07-14 19:28 . 2009-07-14 19:28 -------- d-sh--w- d:\documents and settings\Absurd\IECompatCache

2009-07-14 19:25 . 2009-07-14 19:25 -------- d-sh--w- d:\documents and settings\Absurd\PrivacIE

2009-07-14 19:20 . 2009-07-14 19:20 -------- d-sh--w- d:\documents and settings\Absurd\IETldCache

2009-07-14 19:10 . 2009-07-14 19:13 -------- dc-h--w- d:\windows\ie8

2009-07-14 18:57 . 2008-06-19 21:24 28544 ----a-w- d:\windows\system32\drivers\pavboot.sys

2009-07-14 18:56 . 2009-07-14 18:56 -------- d-----w- d:\program files\Panda Security

2009-07-14 01:20 . 2009-07-14 05:04 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS

2009-07-14 01:20 . 2009-07-14 05:04 -------- d-----w- d:\program files\NOS

2009-07-12 22:55 . 2009-07-12 22:56 -------- d-----w- D:\rsit

2009-07-11 13:08 . 2009-07-11 13:13 -------- d-----w- d:\documents and settings\Absurd\Application Data\vlc

2009-07-11 12:59 . 2009-07-11 08:01 2052888 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll

2009-07-11 10:45 . 2009-07-16 10:10 -------- d--h--w- D:\$AVG8.VAULT$

2009-07-11 10:30 . 2009-06-14 20:07 1004800 ----a-w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-07-11 08:09 . 2009-07-16 04:29 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-11 08:06 . 2009-07-11 08:06 -------- d-----w- d:\documents and settings\Absurd\Local Settings\Application Data\AVG Security Toolbar

2009-07-11 08:02 . 2009-07-11 08:02 11952 ----a-w- d:\windows\system32\avgrsstx.dll

2009-07-11 08:02 . 2009-07-11 08:02 327688 ----a-w- d:\windows\system32\drivers\avgldx86.sys

2009-07-11 08:02 . 2009-07-11 08:02 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys

2009-07-11 08:02 . 2009-07-15 21:39 -------- d-----w- d:\windows\system32\drivers\Avg

2009-07-11 08:02 . 2009-07-14 19:24 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-07-11 08:01 . 2009-07-11 08:01 108552 ----a-w- d:\windows\system32\drivers\avgtdix.sys

2009-07-10 21:29 . 2009-07-10 21:29 -------- d-----w- d:\program files\ERUNT

2009-07-10 20:10 . 2009-07-11 16:33 -------- d-----w- d:\documents and settings\Absurd\Application Data\REAPER

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\windows\system32\wbem\Repository

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\windows\nview

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\documents and settings\All Users\Application Data\nView_Profiles

2009-07-10 18:31 . 2009-07-10 18:31 -------- d-----w- d:\program files\AMD

2009-07-10 18:30 . 2009-07-16 06:50 -------- d-----w- d:\program files\AGEIA Technologies

2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- d:\windows\system32\AGEIA

2009-07-10 18:30 . 2009-07-10 18:30 -------- d-----w- D:\NVIDIA

2009-07-10 18:22 . 2009-07-10 18:22 -------- d-----w- d:\windows\nview(2)

2009-07-10 17:54 . 2009-07-10 18:31 -------- d-----w- d:\program files\Driver Sweeper

2009-07-10 17:02 . 2009-07-10 17:02 152576 ----a-w- d:\documents and settings\Absurd\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-10 12:15 . 2009-07-10 12:42 -------- d-----w- d:\documents and settings\Studio\Application Data\Digidesign

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Application Data\Waves Audio

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Local Settings\Application Data\Apple Computer

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Application Data\M-Audio

2009-07-10 12:10 . 2009-07-10 12:15 -------- d-----w- d:\documents and settings\Studio\Application Data\PACE Anti-Piracy

2009-07-10 12:10 . 2009-07-10 12:10 -------- d-----w- d:\documents and settings\Studio\Local Settings\Application Data\PACE Anti-Piracy

2009-07-07 17:27 . 2008-05-15 21:45 356864 ----a-w- d:\windows\system32\M-AudioTaskBarIcon.exe

2009-07-07 17:27 . 2008-03-11 20:37 143624 ----a-w- d:\windows\system32\drivers\mausb.sys

2009-07-07 17:27 . 2008-03-11 20:37 28680 ----a-w- d:\windows\system32\mausbasio.dll

2009-07-07 17:27 . 2008-03-11 20:37 2519712 ----a-w- d:\windows\system32\madiousb.dll

2009-07-06 22:05 . 2009-07-06 22:06 88616 ----a-w- d:\documents and settings\stickam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-05 23:26 . 2009-07-05 23:26 -------- d-----w- d:\documents and settings\Absurd\Application Data\Ubisoft

2009-07-03 23:08 . 2009-07-03 23:08 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe

2009-07-03 22:51 . 2009-07-03 22:51 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe

2009-07-03 22:45 . 2009-07-03 22:45 3128 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe

2009-07-03 22:01 . 2009-07-03 22:01 -------- d-----w- d:\program files\Toontrack

2009-07-03 17:30 . 2001-11-19 23:05 3972 ----a-w- d:\windows\system32\drivers\PciBus.sys

2009-07-03 17:30 . 2004-06-22 19:44 5632 ----a-w- d:\windows\system32\drivers\Entech64.sys

2009-07-03 03:18 . 2009-03-27 05:16 12672 ----a-w- d:\windows\system32\drivers\cpuz132_x32.sys

2009-07-03 01:24 . 2009-07-03 01:24 -------- d-----w- d:\windows\system32\windows media

2009-07-03 00:06 . 2009-03-09 19:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll

2009-07-03 00:06 . 2009-03-09 19:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll

2009-07-03 00:06 . 2009-03-09 19:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll

2009-07-03 00:06 . 2009-03-16 18:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll

2009-07-03 00:06 . 2009-03-16 18:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll

2009-07-03 00:06 . 2009-03-16 18:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll

2009-07-03 00:06 . 2009-03-16 18:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll

2009-07-02 18:39 . 2009-07-02 18:39 -------- d-----w- d:\program files\Common Files\aliaswavefront shared

2009-07-02 18:39 . 2009-07-02 18:39 -------- d-----w- d:\program files\Common Files\Alias Shared

2009-07-02 18:38 . 2009-07-02 23:45 -------- d-----w- d:\program files\Microsoft DirectX SDK (April 2007)

2009-07-01 06:21 . 2006-04-14 19:00 208896 ------w- d:\windows\system32\nvuide.exe

2009-07-01 02:31 . 2009-06-08 13:20 198064 ----a-w- d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

2009-06-30 17:24 . 2005-08-30 20:19 1052672 ----a-w- d:\documents and settings\Absurd\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll

2009-06-29 11:37 . 2009-06-29 11:37 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2009-06-29 11:37 . 2008-08-17 11:39 2928992 -c--a-r- d:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

2009-06-29 11:31 . 2009-06-29 11:31 -------- d-----w- d:\program files\Electronic Arts

2009-06-29 11:30 . 2009-07-11 10:11 1942 ----a-w- d:\windows\system32\ealregsnapshot1.reg

2009-06-27 16:32 . 2009-06-27 16:32 -------- d-----w- d:\documents and settings\Absurd\Application Data\KORG

2009-06-27 15:54 . 2009-06-27 15:54 -------- d-----w- d:\documents and settings\All Users\Application Data\KORG

2009-06-27 15:54 . 2009-06-27 15:54 -------- d-----w- d:\program files\Common Files\KORG

2009-06-27 14:32 . 2009-06-27 14:32 -------- d-----w- d:\documents and settings\All Users\Application Data\Codemasters

2009-06-27 14:31 . 2009-07-03 17:30 86016 ----a-w- d:\windows\system32\OpenAL32.dll

2009-06-27 14:31 . 2009-07-03 03:29 -------- d-----w- d:\program files\OpenAL

2009-06-27 14:31 . 2009-06-27 14:31 444952 ----a-w- d:\windows\system32\wrap_oal.dll

2009-06-27 05:22 . 2007-02-26 22:15 61984 ----a-w- d:\windows\system32\drivers\xusb21.sys

2009-06-27 05:22 . 2007-02-26 22:15 1421216 ----a-w- d:\windows\system32\WdfCoInstaller01001.dll

2009-06-27 05:22 . 2009-06-27 05:22 -------- d-----w- d:\program files\Microsoft Xbox 360 Accessories

2009-06-25 07:39 . 2009-06-25 07:39 -------- d-----w- d:\documents and settings\Absurd\Application Data\M-Audio

2009-06-25 04:19 . 2003-02-27 01:27 36864 ----a-w- d:\windows\system32\wbsys.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\sysprs7.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\clauth2.dll

2009-06-25 02:11 . 2009-06-25 02:11 1025 ----a-w- d:\windows\system32\clauth1.dll

2009-06-25 00:48 . 2005-05-10 00:08 33792 ----a-w- d:\windows\system32\drivers\cledx.sys

2009-06-25 00:47 . 2002-11-25 18:46 16896 ----a-w- d:\windows\system32\drivers\synasUSB.sys

2009-06-25 00:47 . 2002-11-25 21:36 45056 ----a-w- d:\windows\system32\Synsopos.exe

2009-06-25 00:47 . 2009-06-25 00:47 -------- d-----w- d:\program files\Syncrosoft

2009-06-25 00:47 . 2005-02-01 08:34 700416 ----a-w- d:\windows\system32\SYNSOACC.dll

2009-06-25 00:47 . 2004-05-11 04:58 147456 ----a-w- d:\windows\system32\SynsoLChk.dll

2009-06-25 00:47 . 2001-04-09 18:03 17784 ----a-w- d:\windows\system32\drivers\NSynas32.sys

2009-06-23 07:43 . 2009-06-23 07:43 -------- d-----w- d:\documents and settings\Absurd\G-Force V-Bar

2009-06-23 07:30 . 2009-06-23 07:51 -------- d-----w- d:\documents and settings\Absurd\G-Force

2009-06-23 07:30 . 2009-06-23 07:30 -------- d-----w- d:\program files\SoundSpectrum

2009-06-23 07:30 . 2009-06-23 07:30 -------- d-----w- d:\program files\Common Files\Real

2009-06-23 07:11 . 2009-06-23 07:14 -------- d-----w- d:\documents and settings\All Users\Application Data\ElectricSheep

2009-06-23 05:11 . 2009-06-23 05:11 -------- d-----w- d:\documents and settings\Absurd\Application Data\dBpoweramp

2009-06-22 14:45 . 2009-06-22 14:45 -------- d-----w- d:\program files\Common Files\Voyetra

2009-06-22 14:33 . 2009-06-22 14:33 198064 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\idmmzcc3\components\idmmzcc.dll

2009-06-22 13:29 . 2006-07-02 02:39 36864 ----a-w- d:\windows\system32\drivers\AmdK8.sys

2009-06-22 13:13 . 2009-07-11 10:10 -------- d-----w- d:\documents and settings\Absurd\Local Settings\Application Data\eSupport.com

2009-06-22 12:06 . 2009-06-22 12:06 -------- d-----w- d:\windows\system32\Lang

2009-06-22 11:57 . 2009-02-09 06:34 35840 ----a-w- d:\windows\system32\RtkCoInstXP.dll

2009-06-22 11:49 . 2006-12-18 20:33 356352 ----a-w- d:\windows\system32\nvusmb.exe

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1034.dll

2009-06-22 11:47 . 2006-02-17 16:27 158720 ----a-w- d:\windows\system32\fdco_l1046.dll

2009-06-22 11:47 . 2006-02-17 16:27 156672 ----a-w- d:\windows\system32\fdco_l1042.dll

2009-06-22 11:47 . 2006-02-17 16:27 156672 ----a-w- d:\windows\system32\fdco_l1041.dll

2009-06-22 11:47 . 2006-02-17 16:27 158720 ----a-w- d:\windows\system32\fdco_l1040.dll

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1031.dll

2009-06-22 11:47 . 2006-02-17 16:27 159232 ----a-w- d:\windows\system32\fdco_l1036.dll

2009-06-22 11:47 . 2006-02-17 16:27 155136 ----a-w- d:\windows\system32\fdco_l2052.dll

2009-06-22 11:47 . 2006-02-17 16:27 155648 ----a-w- d:\windows\system32\fdco_l1028.dll

2009-06-22 11:47 . 2006-02-17 16:26 9728 ----a-w- d:\windows\system32\bdco1ins.dll

2009-06-22 07:35 . 2009-06-22 07:35 -------- d-----w- d:\windows\system32\Futuremark

2009-06-22 07:35 . 2008-09-17 18:14 27672 ----a-r- d:\windows\system32\drivers\Entech.sys

2009-06-22 01:52 . 2009-06-22 01:52 -------- d-----w- d:\documents and settings\Absurd\Application Data\AccurateRip

2009-06-22 01:52 . 2009-06-22 01:52 13841 ----a-w- d:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2009-06-22 01:52 . 2008-06-06 15:32 5082488 ----a-w- d:\windows\system32\SpoonUninstall.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-16 09:52 . 2008-04-05 03:41 -------- d-----w- d:\documents and settings\Absurd\Application Data\DMCache

2009-07-16 09:23 . 2009-06-15 10:45 28672 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\NP_IDM5.dll

2009-07-16 09:23 . 2009-06-15 10:45 28672 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\NP_IDM4.dll

2009-07-16 09:23 . 2009-06-15 10:45 28672 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\NP_IDM3.dll

2009-07-16 09:23 . 2009-06-15 10:45 28672 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\NP_IDM2.dll

2009-07-16 09:23 . 2009-06-15 10:45 28672 ----a-w- d:\documents and settings\Absurd\Application Data\IDM\NP_IDM1.dll

2009-07-16 09:23 . 2008-05-04 09:02 -------- d-----w- d:\documents and settings\Absurd\Application Data\IDM

2009-07-16 09:23 . 2008-08-15 12:55 -------- d-----w- d:\program files\SystemRequirementsLab

2009-07-16 03:22 . 2008-04-02 18:36 -------- d--h--w- d:\program files\InstallShield Installation Information

2009-07-14 17:07 . 2008-04-09 03:32 -------- d-----w- d:\documents and settings\Absurd\Application Data\Digidesign

2009-07-14 16:34 . 2008-06-20 23:23 208 ----a-w- d:\windows\msocreg32.dat

2009-07-13 17:22 . 2008-04-03 07:33 -------- d-----w- d:\program files\Enigma Software Group

2009-07-11 10:38 . 2008-04-02 18:43 56656 ----a-w- d:\documents and settings\Absurd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-11 10:35 . 2008-06-23 00:28 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint

2009-07-11 10:31 . 2009-01-19 08:59 -------- d-----w- d:\documents and settings\Absurd\Application Data\SUPERAntiSpyware.com

2009-07-11 10:31 . 2009-01-19 08:31 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard

2009-07-11 10:31 . 2009-01-19 08:59 -------- d-----w- d:\program files\SUPERAntiSpyware

2009-07-11 10:24 . 2008-04-02 23:20 -------- d-----w- d:\program files\Common Files\Apple

2009-07-11 10:14 . 2008-11-15 04:19 -------- d-----w- d:\program files\Matroska Pack

2009-07-11 09:00 . 2008-04-05 09:18 -------- d-----w- d:\program files\Common Files\Adobe

2009-07-11 08:14 . 2009-04-11 11:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Autodesk

2009-07-11 08:14 . 2009-04-11 11:51 -------- d-----w- d:\program files\Common Files\Autodesk Shared

2009-07-11 08:01 . 2008-10-28 00:25 -------- d-----w- d:\documents and settings\All Users\Application Data\avg8

2009-07-11 07:47 . 2009-06-04 22:12 1984 ----a-w- d:\windows\system32\d3d9caps.dat

2009-07-10 17:04 . 2009-02-22 19:28 -------- d-----w- d:\program files\Java

2009-07-10 11:53 . 2009-07-10 11:53 -------- d-----w- d:\documents and settings\Studio\Application Data\Logitech

2009-07-10 11:53 . 2009-07-10 11:53 88616 ----a-w- d:\documents and settings\Studio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-07 21:36 . 2009-01-19 08:20 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware

2009-07-07 21:36 . 2009-02-16 06:10 3561743 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-07-07 17:26 . 2008-06-08 06:00 -------- d-----w- d:\program files\M-Audio

2009-07-07 03:58 . 2008-04-21 17:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft

2009-07-07 03:58 . 2008-08-15 12:55 -------- d-----w- d:\documents and settings\Absurd\Application Data\SystemRequirementsLab

2009-07-07 03:57 . 2008-08-15 08:49 -------- d-----w- d:\program files\NVIDIA Corporation

2009-07-03 11:52 . 2008-11-17 19:49 -------- d-----w- d:\program files\Windows Media Connect 2

2009-07-01 19:32 . 2008-04-09 10:09 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP

2009-07-01 12:59 . 2009-06-26 23:20 -------- d-----w- d:\program files\EVGA Precision

2009-06-29 11:44 . 2008-04-09 07:39 107888 ----a-w- d:\windows\system32\CmdLineExt.dll

2009-06-27 17:08 . 2008-04-06 06:22 -------- d-----w- d:\documents and settings\All Users\Application Data\PACE Anti-Piracy

2009-06-27 17:08 . 2008-04-06 06:22 -------- d-----w- d:\documents and settings\Absurd\Application Data\PACE Anti-Piracy

2009-06-27 05:22 . 2009-06-27 05:22 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2009-06-22 14:32 . 2008-05-04 09:02 -------- d-----w- d:\program files\Internet Download Manager

2009-06-22 01:44 . 2009-06-02 14:41 -------- d-----w- d:\documents and settings\Absurd\Application Data\Ableton

2009-06-20 08:34 . 2008-06-23 18:18 -------- d-----w- d:\program files\IK Multimedia

2009-06-19 23:15 . 2009-01-22 07:07 -------- d-----w- d:\program files\SmartFTP Client

2009-06-19 14:43 . 2009-06-03 05:50 -------- d-----w- d:\program files\Common Files\Native Instruments

2009-06-19 08:25 . 2008-04-03 02:16 -------- d-----w- d:\program files\GIGABYTE

2009-06-19 07:41 . 2008-04-07 15:51 24944 ----a-w- d:\windows\system32\drivers\GVTDrv.sys

2009-06-19 06:52 . 2008-08-02 06:37 -------- d-----w- d:\program files\ZModeler

2009-06-19 06:40 . 2009-06-12 08:20 -------- d-----w- d:\program files\McDSP

2009-06-19 06:36 . 2008-09-18 09:01 -------- d-----w- d:\program files\Google

2009-06-19 05:47 . 2009-04-10 10:48 -------- d-----w- d:\documents and settings\All Users\Application Data\Alibre Design

2009-06-18 12:35 . 2008-08-05 04:52 -------- d-----w- d:\program files\Native Instruments

2009-06-17 15:27 . 2009-01-19 08:21 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2009-06-17 15:27 . 2009-01-19 08:21 19096 ----a-w- d:\windows\system32\drivers\mbam.sys

2009-06-17 02:52 . 2008-07-14 18:29 -------- d-----w- d:\program files\AIM6

2009-06-17 02:49 . 2009-06-17 02:49 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL Downloads

2009-06-14 05:52 . 2008-06-21 22:09 -------- d-----w- d:\documents and settings\All Users\Application Data\IK Multimedia

2009-06-13 21:31 . 2009-06-13 21:31 -------- d-----w- d:\program files\Sonnox

2009-06-13 11:17 . 2009-06-13 11:17 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- d:\documents and settings\Absurd\Application Data\FabFilter

2009-06-12 09:52 . 2009-06-12 09:52 -------- d-----w- d:\program files\URS Plugins

2009-06-12 09:39 . 2009-06-12 09:39 27041 ----a-w- d:\windows\unins000.dat

2009-06-12 09:39 . 2009-06-12 09:39 -------- d-----w- d:\program files\Sonalksis

2009-06-12 09:39 . 2009-06-12 09:39 678746 ----a-w- d:\windows\unins000.exe

2009-06-12 09:37 . 2009-06-12 09:37 -------- d-----w- d:\program files\Vintage Amp Room

2009-06-12 09:35 . 2009-06-12 09:35 -------- d-----w- d:\program files\Serato

2009-06-12 09:30 . 2009-06-12 09:28 -------- d-----w- d:\program files\Roger Nichols Digital, Inc

2009-06-12 09:23 . 2009-06-12 09:23 -------- d-----w- d:\program files\Overloud

2009-06-12 09:23 . 2008-06-28 00:27 -------- d-----w- d:\program files\Nomad Factory

2009-06-12 09:14 . 2009-06-12 09:14 -------- d-----w- d:\program files\Common Files\Voce Spin

2009-06-12 09:12 . 2009-06-01 23:28 -------- d-----w- d:\program files\Digidesign

2009-06-12 09:01 . 2009-06-12 09:01 -------- d-----w- d:\program files\Common Files\Melodyne plugin

2009-06-09 20:48 . 2009-06-05 13:57 -------- d-----w- d:\documents and settings\Absurd\Application Data\Propellerhead Software

2009-06-09 20:43 . 2009-06-05 13:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Propellerhead Software

2009-06-06 14:15 . 2009-06-06 14:15 -------- d-----w- d:\documents and settings\Absurd\Application Data\UP

2009-06-06 08:07 . 2009-06-06 08:07 -------- d-----w- d:\documents and settings\Absurd\Application Data\MixMeister Technology

2009-06-06 06:35 . 2009-06-06 06:35 -------- d-----w- d:\program files\7-Zip

2009-06-02 14:41 . 2009-06-02 14:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Ableton

2009-06-02 13:54 . 2009-06-02 13:54 -------- d-----w- d:\program files\Sonik Synth 2 Free

2009-06-02 13:43 . 2009-06-02 13:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Structure

2009-06-01 13:20 . 2009-06-01 13:20 -------- d-----w- d:\program files\Common Files\Trillium Lane

2009-06-01 03:03 . 2008-05-10 04:32 67720 ---ha-w- d:\windows\system32\mlfcache.dat

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut6_504C9DBC7EE645B2A9CF47F39BEDA88E.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut2_C8CBC5632A224D2D83650A01AF12D5F6.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\NewShortcut1_F627668DCED74C3B92937B05B370A211.exe

2009-05-31 22:25 . 2009-05-31 22:25 292878 ----a-r- d:\documents and settings\Absurd\Application Data\Microsoft\Installer\{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}\ARPPRODUCTICON.exe

2009-05-31 22:25 . 2009-05-31 22:25 -------- d-----w- d:\program files\KORG

2009-05-30 19:25 . 2009-05-30 19:25 -------- d-----w- d:\documents and settings\Absurd\Application Data\Cycling '74

2009-05-30 18:17 . 2009-05-30 18:13 -------- d-----w- d:\program files\u-he

2009-05-30 18:17 . 2009-05-30 18:17 -------- d-----w- d:\documents and settings\All Users\Application Data\Celemony Software GmbH

2009-05-29 20:13 . 2009-05-29 20:13 -------- d-----w- d:\program files\Common Files\C74 Plug-in Support

2009-05-29 14:27 . 2009-05-29 14:27 -------- d--h--w- d:\documents and settings\Absurd\Application Data\FDBTemp

2009-05-21 15:33 . 2009-02-16 01:31 410984 ----a-w- d:\windows\system32\deploytk.dll

2009-05-19 05:36 . 2009-06-17 02:49 2884832 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe

2009-05-19 05:36 . 2009-06-17 02:49 28 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat

2009-05-19 05:36 . 2009-06-17 02:49 25 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat

2009-05-19 05:36 . 2009-06-17 02:49 1484856 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe

2009-05-19 05:36 . 2009-06-17 02:49 97072 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe

2009-05-19 05:36 . 2009-06-17 02:49 142040 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe

2009-05-19 05:36 . 2009-06-17 02:49 30512 ----a-w- d:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe

2009-06-13 21:43 . 2008-06-18 20:00 134648 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 20:07 1004800 ----a-w- e:\avg\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\avg\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-12-25 86016]

"M-Audio Taskbar Icon"="d:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]

"XboxStat"="d:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-12-25 13680640]

"COMODO Internet Security"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]

"COMODO Firewall Pro"="d:\program files\COMODO\Firewall\cfp.exe" [2009-01-19 1797880]

"AVG8_TRAY"="e:\avg\avgtray.exe" [2009-07-11 1948440]

"UnlockerAssistant"="c:\unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2008-12-19 76304]

"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-12-25 1657376]

 

d:\documents and settings\Absurd\Start Menu\Programs\Startup\

Adobe Gamma.lnk - d:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-14 113664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-11 08:02 11952 ----a-w- d:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=d:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"Midi1"=ma_cmidn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\D:^Documents and Settings^Absurd^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

path=

backup=d:\windows\pss\ERUNT AutoBackup.lnkStartup

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=

backup=d:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Viewpoint Manager Service"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=

"d:\\WINDOWS\\system32\\PnkBstrA.exe"=

"d:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Program Files\\GIGABYTE\\EasyTune4\\update.exe"=

"d:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"d:\\Program Files\\AIM6\\aim6.exe"=

"g:\\Avast\\avgupd.exe"=

"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\Program Files\\Internet Download Manager\\IDMan.exe"=

"f:\\Games\\grid\\GRID.exe"=

"f:\\Games\\HAWX\\HAWX.exe"=

"f:\\Games\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=

"f:\\Games\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=

 

R0 DigiFilter;DigiFilter;d:\windows\system32\drivers\DigiFilt.sys [4/4/2008 4:21 AM 16384]

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [7/14/2009 2:57 PM 28544]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);d:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [7/11/2009 4:02 AM 327688]

R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [7/11/2009 4:01 AM 108552]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;d:\windows\system32\drivers\cmdguard.sys [7/8/2008 9:32 PM 101776]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;d:\windows\system32\drivers\cmdhlp.sys [7/8/2008 9:32 PM 31504]

R2 avg8emc;AVG Free8 E-mail Scanner;e:\avg\avgemc.exe [7/11/2009 4:01 AM 906520]

R2 avg8wd;AVG Free8 WatchDog;e:\avg\avgwdsvc.exe [7/11/2009 4:01 AM 298776]

R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [6/24/2009 8:48 PM 33792]

R3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);d:\windows\system32\drivers\mausb.sys [7/7/2009 1:27 PM 143624]

S2 gupdate1c9cd3721a28848;Google Update Service (gupdate1c9cd3721a28848);d:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:08 AM 133104]

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys --> d:\windows\system32\drivers\Ambfilt.sys [?]

S3 cpuz132;cpuz132;d:\windows\system32\drivers\cpuz132_x32.sys [7/2/2009 11:18 PM 12672]

S3 ETDrv;ETDrv;d:\windows\system32\drivers\ETDrv.sys [6/19/2009 4:28 AM 185280]

S3 GVTDrv;GVTDrv;d:\windows\system32\drivers\GVTDrv.sys [4/7/2008 11:51 AM 24944]

S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);d:\windows\system32\drivers\mausb.sys [7/7/2009 1:27 PM 143624]

S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;d:\windows\system32\drivers\superwebcam.sys [4/2/2008 4:50 PM 31872]

S3 ultradfg;ultradfg;d:\windows\system32\drivers\ultradfg.sys [5/13/2009 10:37 AM 33792]

S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;d:\windows\system32\DRIVERS\WMP300Nv1.sys --> d:\windows\system32\DRIVERS\WMP300Nv1.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-07-16 d:\windows\Tasks\GoogleUpdateTaskMachine.job

- d:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 04:08]

 

2009-07-07 d:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-03 15:45]

 

2008-04-03 d:\windows\Tasks\Uniblue SpeedUpMyPC.job

- d:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-03 15:45]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Download All Links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm

Trusted Zone: stickam.com\www

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

FF - ProfilePath - d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=

FF - prefs.js: browser.search.selectedEngine - AIM Search

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=

FF - component: d:\documents and settings\Absurd\Application Data\Mozilla\Firefox\Profiles\lmgq9aad.default\extensions\mozilla_cc@internetdownloadmanager.com\components\idmmzcc.dll

FF - component: e:\avg\Firefox\components\avgssff.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: e:\avg\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\opera\program\plugins\NP_IDM1.dll

FF - plugin: c:\opera\program\plugins\NP_IDM2.dll

FF - plugin: c:\opera\program\plugins\NP_IDM3.dll

FF - plugin: c:\opera\program\plugins\NP_IDM4.dll

FF - plugin: c:\opera\program\plugins\NP_IDM5.dll

FF - plugin: c:\opera\program\plugins\npdsplay.dll

FF - plugin: c:\opera\program\plugins\NPFgc1.dll

FF - plugin: c:\opera\program\plugins\NPFgc2.dll

FF - plugin: c:\opera\program\plugins\NPFgc3.dll

FF - plugin: c:\opera\program\plugins\npwmsdrm.dll

FF - plugin: d:\program files\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: g:\downloads\adobe\Reader\browser\nppdf32.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-16 06:49

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:3c,10,da,82,f9,db,48,11,d9,7f,fc,87,ab,11,47,28,5a,3f,7b,4b,1d,45,f1,

41,84,42,6d,4d,3d,24,51,57,25,d2,27,c9,eb,65,bd,32,54,d2,f5,3e,10,ea,57,f8,\

"??"=hex:aa,f8,e9,f9,d4,11,1c,24,45,24,ef,c9,3e,c1,c2,96

 

[HKEY_USERS\S-1-5-21-1390067357-1935655697-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:7f,5a,ee,e1,27,1d,17,9c,36,3c,78,71,ae,d6,9c,1e,4d,33,67,56,28,

70,43,0c,e7,34,59,53,55,98,35,09,42,cb,42,d4,b6,5f,34,0c,d9,f6,28,24,d8,4e,\

"rkeysecu"=hex:a6,7d,d7,1e,77,4c,df,e3,ce,92,66,7b,ba,f5,0f,50

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(720)

d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

d:\program files\common files\logishrd\bluetooth\LBTServ.dll

d:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'explorer.exe'(1424)

d:\windows\system32\nview.dll

d:\windows\system32\ieframe.dll

d:\windows\system32\msi.dll

d:\windows\system32\webcheck.dll

d:\windows\system32\WPDShServiceObj.dll

d:\program files\SmartFTP Client\smarthook.dll

d:\windows\system32\OneX.DLL

d:\windows\system32\eappprxy.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\windows\system32\LEXBCES.EXE

d:\windows\system32\LEXPPS.EXE

d:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

d:\program files\Bonjour\mDNSResponder.exe

d:\program files\COMODO\Firewall\cmdagent.exe

g:\digidesign\Digidesign\Drivers\MMERefresh.exe

c:\disk keeper\DkService.exe

d:\program files\Java\jre6\bin\jqs.exe

d:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

d:\windows\system32\nvsvc32.exe

d:\windows\system32\IoctlSvc.exe

e:\avg\avgrsx.exe

e:\avg\avgnsx.exe

d:\windows\system32\PnkBstrA.exe

e:\avg\avgcsrvx.exe

d:\windows\system32\wscntfy.exe

d:\windows\system32\rundll32.exe

d:\windows\system32\rundll32.exe

d:\program files\Common Files\Nero\Lib\NMIndexingService.exe

.

**************************************************************************

.

Completion time: 2009-07-16 6:58 - machine was rebooted

ComboFix-quarantined-files.txt 2009-07-16 10:57

ComboFix2.txt 2009-07-14 01:14

 

Pre-Run: 6,198,063,104 bytes free

Post-Run: 6,031,626,240 bytes free

 

486 --- E O F --- 2009-07-04 07:00

Katana   

Things seem like they are running the same to tell you the truth

Well the good news is that it isn't an infection causing it.

The bad news is that it's either a software or hardware problem.

 

Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

 

http://forums.pcpitstop.com/index.php?showforum=3

http://www.techsupportforum.com/

http://www.bleepingcomputer.com/forums/

http://forums.whatthetech.com/forums.html

 

All the forums/rooms above have good support for software/OS problems, and I'm sure they will be able to help.

 

 

----------------------------------------------------------------------------------------

 

 

Congratulations, your logs look clean :)

 

Let's see if I can help you keep it that way

 

First let's tidy up

 

 

 

Uninstall Combofix

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

 

Please download OTCleanup from HERE

Click the OTC.exe icon and then click the CleanUp button.

If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.

Let me know if there were any problems with OT CleanIt

 

 

 

You can also delete any logs we have produced, and empty your Recycle bin.

 

----------------------------------------------------------- -----------------------------------------------------------

 

The following is some info to help you stay safe and clean.

 

 

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

 

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

 

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

 

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you, .... see HERE for details

 

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.

    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.

    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.

    Most of the programs in this list have a free (for Home Users) and paid versions,

    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.

  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
Prevention
  • These programs don't detect malware, they help stop it getting on your machine in the first place.

    Each does a different job, so you can have more than one

  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections
Internet Browsers
  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.

    Using a different web browser can help stop malware getting on your machine.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.

    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.

    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

     

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.

    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

     

    Both of these can be cleaned manually, but a quicker option is to use a program

  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place

 

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

 

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D

 

 

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

 

Happy surfing K'

AbsurdNY   

Thank you for all your help. I really appreciate it. I think I am going to just buy a new computer and a new audio interface for my audio production work and have it never touch the internet and then format and re-install Windows on this computer and use this for everything else. Thanks again for your help.

This topic is now closed to further replies.