Inactive google redirect virus and something else

[Inactive] google redirect virus and something else

it seems my redirect virus is gone malwarebytes cleared it out i think
but i also have something bigger i think

my explorer.exe seems infected and doesn;t want to start
(i'm using taskmanager and cmd to do everything now)


when i try control panel it says

::{26EE0668-A00A-44D7-9371-BEB064C98683} contains a virus

i can't do much anymore and i'm considering a full format on all harddrives..
unless you guys can help me


btw i'm not able to post the last log becuz i get bsod from it...

GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-06 01:28:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 SAMSUNG_HD161GJ 1AC01118
Running: 7oeb8wvc.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C2D5CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAlpcSendWaitReceivePort [0x8C2D816E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C2D7B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C2D7B8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C2D7CA2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C2D7A8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8C2D7BDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C2D7ADE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C2D7C50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C2D5CD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8C2D5ADA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C2D5CF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C2D8548]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C2D67F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C2D7B64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C2D7BB4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C2D7CCC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C2D7AB6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C2D7C1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C2D7B0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C2D7C7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C2D66BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0x8C2D857E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0x8C2D8142]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C2D5D1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C2D5D3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C2D5B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C2D5C44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C2D5C56]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C3D7BAE]
Code \Device\mfehidk01.sys ZwMapViewOfSection [0x8A7140C2]
Code \Device\mfehidk01.sys ZwTerminateProcess [0x8A7140F4]
Code \Device\mfehidk01.sys ZwUnmapViewOfSection [0x8A7140DB]
Code \Device\mfehidk01.sys ZwYieldExecution [0x8A7140A9]
Code \Device\mfehidk01.sys NtMapViewOfSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82E3C128 5 Bytes JMP 8A7140AD \Device\mfehidk01.sys
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E54579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E78F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82E80714 4 Bytes [AE, 5C, 2D, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 28C 82E8078C 4 Bytes [6E, 81, 2D, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82E807F0 8 Bytes [34, 7B, 2D, 8C, 8C, 7B, 2D, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82E807FC 4 Bytes [A2, 7C, 2D, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82E80818 4 Bytes [8A, 7A, 2D, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83019F59 5 Bytes JMP 8C3D35D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83033C5F 5 Bytes JMP 8C3D5012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwTerminateProcess 83072B3D 5 Bytes JMP 8A7140F8 \Device\mfehidk01.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8308CCDC 5 Bytes JMP 8A7140DF \Device\mfehidk01.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 8308FED7 7 Bytes JMP 8A7140C6 \Device\mfehidk01.sys
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EBE52 7 Bytes JMP 8C3D7BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spjv.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 91488CA0 5 Bytes JMP 867F31D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91623000, 0x341E0C, 0xE8000020]
.text az95y4jy.SYS 91DBB000 12 Bytes [44, 68, 22, 83, EE, 66, 22, ...] {INC ESP; PUSH 0x66ee8322; AND AL, [EBX-0x7cddb860]}
.text az95y4jy.SYS 91DBB00D 9 Bytes [47, 22, 83, 48, 6B, 22, 83, ...] {INC EDI; AND AL, [EBX-0x7cdd94b8]; ADD [EAX], AL}
.text az95y4jy.SYS 91DBB017 20 Bytes [00, DE, 57, B4, 8B, E6, 55, ...]
.text az95y4jy.SYS 91DBB02C 149 Bytes [00, 00, 00, 00, D0, F1, E4, ...]
.text az95y4jy.SYS 91DBB0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? \Device\mfehidk01.sys The system cannot find the path specified. !
? \Device\mfeavfk01.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[584] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 001B0FB9
.text C:\Windows\system32\services.exe[584] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 001B0FCA
.text C:\Windows\system32\services.exe[584] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 001C0F7C
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 001C00CA
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 001C0F3F
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 001C0025
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 001C00A5
.text C:\Windows\system32\services.exe[584] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 001C0079
.text C:\Windows\system32\services.exe[584] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 001C0F97
.text C:\Windows\system32\services.exe[584] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 001C0FA8
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 001C0FCA
.text C:\Windows\system32\services.exe[584] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 001C0F1A
.text C:\Windows\system32\services.exe[584] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 001C0FB9
.text C:\Windows\system32\services.exe[584] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 001C004A
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 001C0FE5
.text C:\Windows\system32\services.exe[584] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 001C0F6B
.text C:\Windows\system32\services.exe[584] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 001C0000
.text C:\Windows\system32\services.exe[584] kernel32.dll!WinExec 756AE695 5 Bytes JMP 001C0F50
.text C:\Windows\system32\services.exe[584] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 001C0094
.text C:\Windows\system32\services.exe[584] msvcrt.dll!_open 76D97E48 5 Bytes JMP 0020000A
.text C:\Windows\system32\services.exe[584] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 0020005B
.text C:\Windows\system32\services.exe[584] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00200FD4
.text C:\Windows\system32\services.exe[584] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 0020002F
.text C:\Windows\system32\services.exe[584] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 0020004A
.text C:\Windows\system32\services.exe[584] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00200FEF
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 001D0000
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 001D0F9E
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 001D004A
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 001D002F
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 001D0F83
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\services.exe[584] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\services.exe[584] WS2_32.dll!socket 75903F00 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00690FEF
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00690FC3
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00690FD4
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 006B0F72
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 006B00DB
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 006B0F46
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 006B001B
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 006B009B
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 006B0076
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 006B0065
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 006B0040
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 006B0FE5
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 006B0F2B
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 006B0FB9
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 006B0F9E
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 006B0000
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 006B00B6
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 006B0FD4
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!WinExec 756AE695 5 Bytes JMP 006B0F57
.text C:\Windows\system32\lsass.exe[608] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 006B0F8D
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00860000
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00860051
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00860036
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00860FCA
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 0086001B
.text C:\Windows\system32\lsass.exe[608] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00860FE5
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00700FEF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00700FAF
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00700051
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00700040
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 0070000A
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00700062
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00700FD4
.text C:\Windows\system32\lsass.exe[608] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 00700025
.text C:\Windows\system32\lsass.exe[608] WS2_32.dll!socket 75903F00 5 Bytes JMP 00710000
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00310000
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00310FDB
.text C:\Windows\system32\svchost.exe[768] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00310011
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 0032008A
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 003200E5
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00320F46
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00320FC3
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00320F61
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 00320054
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00320F7C
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00320FA1
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00320FD4
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 00320F35
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 0032002F
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 00320FB2
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 003200A5
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00320014
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!WinExec 756AE695 5 Bytes JMP 003200C0
.text C:\Windows\system32\svchost.exe[768] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00320079
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00360000
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 0036005B
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00360FCA
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 0036002C
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00360FE5
.text C:\Windows\system32\svchost.exe[768] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 0036001B
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00330FEF
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00330FBC
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00330FA1
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00330043
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 00330FDE
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00330F86
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00330FCD
.text C:\Windows\system32\svchost.exe[768] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 0033001E
.text C:\Windows\system32\svchost.exe[768] WS2_32.dll!socket 75903F00 5 Bytes JMP 00350FEF
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00320FEF
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00320FCA
.text C:\Windows\system32\svchost.exe[864] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 0033009B
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00330F10
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00330F2B
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00330FC3
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00330F7C
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 0033008A
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00330FA8
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00330065
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00330FE5
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 003300C0
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 0033002F
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 0033004A
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00330F57
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00330FD4
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!WinExec 756AE695 5 Bytes JMP 00330F46
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00330F8D
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 0036004E
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00360033
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00360011
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00360022
.text C:\Windows\system32\svchost.exe[864] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00360000
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00340FE5
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00340025
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00340036
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00340F9E
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 00340000
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00340047
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00340FCA
.text C:\Windows\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 00340FAF
.text C:\Windows\system32\svchost.exe[864] WS2_32.dll!socket 75903F00 5 Bytes JMP 0035000A
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00F70FEF
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00F70FD4
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00F70014
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 00F80F21
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00F8008A
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00F80EEB
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00F80FA5
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00F80040
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 00F80F3C
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00F80F57
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00F80F68
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00F80FD4
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 00F80EDA
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 00F80F94
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 00F80F83
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00F80FE5
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00F8005B
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00F80000
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!WinExec 756AE695 5 Bytes JMP 00F80EFC
.text C:\Windows\System32\svchost.exe[992] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00F8002F
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!_open 76D97E48 5 Bytes JMP 01080FEF
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 01080065
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!system 76DCB16F 5 Bytes JMP 01080054
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 01080FDE
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 01080039
.text C:\Windows\System32\svchost.exe[992] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 01080014
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[992]

 

ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00FE0FC7
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00FE0F9B
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00FE0FB6
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 00FE0011
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00FE0062
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00FE0022
.text C:\Windows\System32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 00FE0033
.text C:\Windows\System32\svchost.exe[992] WS2_32.dll!socket 75903F00 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 006D0FE5
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 006D0FCA
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 006D0000
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 006E0F73
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 006E0F47
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 006E00DC
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 006E003D
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 006E009C
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 006E0081
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 006E0070
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 006E005F
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 006E0011
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 006E0101
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 006E004E
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 006E0FC7
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 006E0000
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 006E0F62
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 006E002C
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!WinExec 756AE695 5 Bytes JMP 006E00C1
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 006E0F8E
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00FF0FE5
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00FF0025
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00FF0FA8
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00FF0FCA
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00FF0FB9
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00FF0000
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00E50000
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00E50FAF
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00E50F94
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00E50036
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 00E50FE5
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00E50F79
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00E50FD4
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 00E5001B
.text C:\Windows\System32\svchost.exe[1024] WS2_32.dll!socket 75903F00 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00690FAF
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00690FCA
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 006A007D
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 006A0EF2
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 006A0F03
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 006A0FA8
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 006A0F54
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 006A0051
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 006A0040
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 006A0F83
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 006A0ED7
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 006A0014
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 006A0025
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 006A0F39
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 006A0FC3
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!WinExec 756AE695 5 Bytes JMP 006A0F14
.text C:\Windows\system32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 006A0062
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00FA0039
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00FA0FA8
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00FA0FD4
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00FA0FB9
.text C:\Windows\system32\svchost.exe[1056] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 00F40FEF
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 00F40FB9
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 00F40051
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 00F40036
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 00F40FDE
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 00F40062
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 00F4000A
.text C:\Windows\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 00F4001B
.text C:\Windows\system32\svchost.exe[1056] WS2_32.dll!socket 75903F00 5 Bytes JMP 00F9000A
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00690FEF
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00690FC3
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00690FD4
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 006A0F80
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 006A0F4A
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 006A0F5B
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 006A0FD4
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 006A00A9
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 006A0FA5
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 006A007D
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 006A0058
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 006A0FE5
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 006A0F39
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 006A0036
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 006A0047
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 006A0000
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 006A00C4
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 006A001B
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!WinExec 756AE695 5 Bytes JMP 006A00D5
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 006A008E
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00B30FE5
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00B30F83
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00B30F94
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00B3000A
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00B30FAF
.text C:\Windows\system32\svchost.exe[1248] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00B30FD4
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 006B0FEF
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 006B0047
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 006B0FA5
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 006B0FC0
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 006B0000
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 006B0062
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 006B0011
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 006B002C
.text C:\Windows\system32\svchost.exe[1248] WS2_32.dll!socket 75903F00 5 Bytes JMP 006C000A
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1324] kernel32.dll!LoadLibraryA 75672864 4 Bytes JMP 62309A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1324] kernel32.dll!LoadLibraryW 756728B2 4 Bytes JMP 62309AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 006D0FEF
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 006D0FC3
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 006D0FDE
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 00500F68
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00500F1A
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00500F2B
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00500047
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00500F79
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 0050007D
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00500FAF
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00500FC0
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 0050001B
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 005000C0
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 00500FDB
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 0050006C
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00500000
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00500F57
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00500036
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!WinExec 756AE695 5 Bytes JMP 00500F46
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00500F94
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00F10FEF
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00F10014
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00F10F8D
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00F10FB9
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00F10FA8
.text C:\Windows\system32\svchost.exe[1360] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00F10FCA
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 006C002C
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 006C004E
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 006C003D
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 006C0011
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 006C0F9B
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 006C0FDB
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 006C0FB6
.text C:\Windows\system32\svchost.exe[1360] WS2_32.dll!socket 75903F00 5 Bytes JMP 00F00000
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 75673142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\system32\svchost.exe[1764] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00610FEF
.text C:\Windows\system32\svchost.exe[1764] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 0061002F
.text C:\Windows\system32\svchost.exe[1764] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 0061000A
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 00360F4D
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 003600AC
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00360F17
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00360036
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00360F72
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 00360F83
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00360F94
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00360FA5
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00360014
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 00360F06
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 00360FCA
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 00360047
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00360F3C
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00360025
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!WinExec 756AE695 5 Bytes JMP 00360091
.text C:\Windows\system32\svchost.exe[1764] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00360076
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00600F7C
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00600F97
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00600FC3
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00600FB2
.text C:\Windows\system32\svchost.exe[1764] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 005A0F97
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 005A001E
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 005A0F86
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 005A0FD4
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 005A0F57
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 005A0FC3
.text C:\Windows\system32\svchost.exe[1764] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 005A0FA8
.text C:\Windows\system32\svchost.exe[1764] WS2_32.dll!socket 75903F00 5 Bytes JMP 005B0FEF
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 00DE0FCA
.text C:\Windows\system32\svchost.exe[1880] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00DE0000
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 006C00B3
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 006C00F3
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 006C00D8
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 006C002C
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 006C00A2
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 006C007D
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 006C0062
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 006C0F9B
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 006C0011
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 006C010E
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 006C0FB6
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 006C003D
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateFileA 756728FC 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 006C0000
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 006C0F6F
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 006C0FE5
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!WinExec 756AE695 5 Bytes JMP 006C0F5E
.text C:\Windows\system32\svchost.exe[1880] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 006C0F8A
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!_open 76D97E48 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 00DD0040
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!system 76DCB16F 5 Bytes JMP 00DD002F
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 00DD0FC3
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 00DD001E
.text C:\Windows\system32\svchost.exe[1880] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 00DD0FD4
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 006D0000
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 006D0FD4
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 006D006C
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 006D005B
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 006D0FEF
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 006D0091
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 006D002F
.text C:\Windows\system32\svchost.exe[1880] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 006D004A
.text C:\Windows\system32\svchost.exe[1880] WS2_32.dll!socket 75903F00 5 Bytes JMP 006E0000

 

.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 03970000
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 03970011
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 03970FDB
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 03780F57
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 03780F2B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 03780F3C
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 03780FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 03780080
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 03780F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 03780FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 03780FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 0378001B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 03780F1A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 0378004A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 03780065
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 0378000A
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 0378009B
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 03780FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!WinExec 756AE695 5 Bytes JMP 037800B6
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 03780F72
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!_open 76D97E48 5 Bytes JMP 03960FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 03960028
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!system 76DCB16F 5 Bytes JMP 03960FA1
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 03960FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 03960FB2
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 03960FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 03790FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 03790040
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 03790FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 03790FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 03790FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 03790F8D
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 0379001E
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 0379002F
.text C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] WS2_32.dll!socket 75903F00 5 Bytes JMP 037A0000
.text C:\Windows\system32\svchost.exe[3864] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 002D0000
.text C:\Windows\system32\svchost.exe[3864] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 002D0022
.text C:\Windows\system32\svchost.exe[3864] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 002D0011
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 00290087
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00290F1E
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00290F2F
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00290076
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 00290051
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00290040
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00290025
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00290FD4
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 00290F0D
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 00290F9E
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 00290F83
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 00290FEF
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00290098
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00290FB9
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!WinExec 756AE695 5 Bytes JMP 002900A9
.text C:\Windows\system32\svchost.exe[3864] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00290F68
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!_open 76D97E48 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 002C0062
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!system 76DCB16F 5 Bytes JMP 002C0047
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 002C0025
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 002C0036
.text C:\Windows\system32\svchost.exe[3864] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 002A0FA1
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 002A0028
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 002A0F86
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 002A0FDE
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 002A0F75
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 002A0FCD
.text C:\Windows\system32\svchost.exe[3864] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 002A0FB2
.text C:\Windows\system32\svchost.exe[3864] WS2_32.dll!socket 75903F00 5 Bytes JMP 002B0000
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4492] USER32.dll!TrackPopupMenu 77094B3B 5 Bytes JMP 65525CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5224] ntdll.dll!LdrLoadDll 7718F585 5 Bytes JMP 012513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Windows\explorer.exe[5236] ntdll.dll!NtCreateFile 77174A10 5 Bytes JMP 00040FEF
.text C:\Windows\explorer.exe[5236] ntdll.dll!NtCreateProcess 77174AE0 5 Bytes JMP 0004000A
.text C:\Windows\explorer.exe[5236] ntdll.dll!NtProtectVirtualMemory 77175360 5 Bytes JMP 00040FD4
.text C:\Windows\explorer.exe[5236] kernel32.dll!GetStartupInfoA 75621DF0 5 Bytes JMP 0001006F
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateProcessW 7562202D 5 Bytes JMP 00010EF8
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateProcessA 75622062 5 Bytes JMP 00010F09
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateNamedPipeW 75651FD6 5 Bytes JMP 00010FC3
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreatePipe 75654A8B 5 Bytes JMP 00010F46
.text C:\Windows\explorer.exe[5236] kernel32.dll!VirtualProtect 756650AB 5 Bytes JMP 00010F7C
.text C:\Windows\explorer.exe[5236] kernel32.dll!LoadLibraryExW 7566B6BF 5 Bytes JMP 00010F8D
.text C:\Windows\explorer.exe[5236] kernel32.dll!LoadLibraryExA 7566BC8B 5 Bytes JMP 00010054
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateFileW 75670B5D 5 Bytes JMP 00010FEF
.text C:\Windows\explorer.exe[5236] kernel32.dll!GetProcAddress 75671837 5 Bytes JMP 000100B2
.text C:\Windows\explorer.exe[5236] kernel32.dll!LoadLibraryA 75672864 5 Bytes JMP 00010FB2
.text C:\Windows\explorer.exe[5236] kernel32.dll!LoadLibraryW 756728B2 5 Bytes JMP 0001002F
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateFileA 756728FC 5 Bytes JMP 0001000A
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateProcessInternalW 756742AE 5 Bytes JMP 0061866A
.text C:\Windows\explorer.exe[5236] kernel32.dll!GetStartupInfoW 75677CB5 5 Bytes JMP 00010F2B
.text C:\Windows\explorer.exe[5236] kernel32.dll!CreateNamedPipeA 756AD4DF 5 Bytes JMP 00010FDE
.text C:\Windows\explorer.exe[5236] kernel32.dll!WinExec 756AE695 5 Bytes JMP 00010F1A
.text C:\Windows\explorer.exe[5236] kernel32.dll!VirtualProtectEx 756AF651 5 Bytes JMP 00010F57
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegOpenKeyA 7585D2ED 5 Bytes JMP 000E000A
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegCreateKeyA 7585D3C1 5 Bytes JMP 000E0FDB
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegCreateKeyExA 75861B71 5 Bytes JMP 000E0FAF
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegCreateKeyW 75861CC0 5 Bytes JMP 000E0FC0
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegOpenKeyW 75863129 5 Bytes JMP 000E001B
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegCreateKeyExW 7586B946 5 Bytes JMP 000E0062
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegOpenKeyExA 7586BC0D 5 Bytes JMP 000E002C
.text C:\Windows\explorer.exe[5236] ADVAPI32.dll!RegOpenKeyExW 7586BEC4 5 Bytes JMP 000E003D
.text C:\Windows\explorer.exe[5236] msvcrt.dll!_open 76D97E48 5 Bytes JMP 000F0FEF
.text C:\Windows\explorer.exe[5236] msvcrt.dll!_wsystem 76DCB04F 5 Bytes JMP 000F0FBC
.text C:\Windows\explorer.exe[5236] msvcrt.dll!system 76DCB16F 5 Bytes JMP 000F0047
.text C:\Windows\explorer.exe[5236] msvcrt.dll!_creat 76DCED29 5 Bytes JMP 000F0FCD
.text C:\Windows\explorer.exe[5236] msvcrt.dll!_wcreat 76DD038E 5 Bytes JMP 000F0022
.text C:\Windows\explorer.exe[5236] msvcrt.dll!_wopen 76DD0570 5 Bytes JMP 000F0FDE
.text C:\Windows\explorer.exe[5236] WS2_32.dll!socket 75903F00 5 Bytes JMP 04DE0FE5
.text C:\Windows\explorer.exe[5236] WININET.dll!InternetOpenA 75727E1C 5 Bytes JMP 043C0000
.text C:\Windows\explorer.exe[5236] WININET.dll!InternetOpenW 75729DA0 5 Bytes JMP 043C0025
.text C:\Windows\explorer.exe[5236] WININET.dll!InternetOpenUrlA 7572DC18 5 Bytes JMP 043C0FEF
.text C:\Windows\explorer.exe[5236] WININET.dll!InternetOpenUrlW 7577DC14 5 Bytes JMP 043C0FD4
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA3B042] \SystemRoot\System32\Drivers\spjv.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA3B6D6] \SystemRoot\System32\Drivers\spjv.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA3B800] \SystemRoot\System32\Drivers\spjv.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA3B13E] \SystemRoot\System32\Drivers\spjv.sys
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortNotification] 000003E3
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortStallExecution] FFEC9FE8
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortGetScatterGatherList] 81107D8B
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 81000001
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECD8E800
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8
IAT \SystemRoot\System32\Drivers\az95y4jy.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1920] @ C:\Windows\system32\ole32.dll [ntdll.dll!EtwRegisterTraceGuidsW] [7230B0C6] C:\Windows\AppPatch\AcXtrnal.dll (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\system32\mfevtps.exe[3032] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [008C77A0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\rundll32.exe[4256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[4256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751D5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856D21F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk01.sys

Device \Driver\volmgr \Device\VolMgrControl 856CE1F8
Device \Driver\usbohci \Device\USBPDO-0 867F21F8
Device \Driver\usbohci \Device\USBPDO-1 867F21F8
Device \Driver\PCI_PNP4422 \Device\00000052 spjv.sys
Device \Driver\usbehci \Device\USBPDO-2 867E11F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\volmgr \Device\HarddiskVolume1 856CE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 856CE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 866581F8
Device \Driver\sptd \Device\2858796922 spjv.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856D01F8
Device \Driver\atapi \Device\Ide\IdePort0 856D01F8
Device \Driver\atapi \Device\Ide\IdePort1 856D01F8
Device \Driver\atapi \Device\Ide\IdePort2 856D01F8
Device \Driver\atapi \Device\Ide\IdePort3 856D01F8
Device \Driver\atapi \Device\Ide\IdePort4 856D01F8
Device \Driver\atapi \Device\Ide\IdePort5 856D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 856D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 856D01F8
Device \Driver\cdrom \Device\CdRom1 866581F8
Device \Driver\volmgr \Device\HarddiskVolume3 856CE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume4 856CE1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 866581F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8673F1F8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 867F21F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9C191319-51AD-455F-B4C2-500E926692C8} 8673F1F8
Device \Driver\usbohci \Device\USBFDO-1 867F21F8
Device \Driver\usbehci \Device\USBFDO-2 867E11F8
Device \Driver\az95y4jy \Device\Scsi\az95y4jy1Port6Path0Target0Lun0 86829500
Device \Driver\az95y4jy \Device\Scsi\az95y4jy1 86829500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0xEE 0xFD 0xC0 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x3F 0x66 0x25 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF4 0xE9 0x93 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???6?H???H??? ???????????????????H??????????.?48 ??????f7c???????H???H???????????????H???H???????e???????????B??????????????????????t???????????????????mfeavfk??H???????????H???????d?????H?????0??? ?????????????H?????H?E??????????????????????1?ql???????????6??????al??? ???????H???????????H?E????????N?D??????????????H???e???e??mfefirek01???????????????????????????????????????????????H???E??s-??LegacyDriver?0????N??H???}????D?ql??{8ECC055D-047F-11D1-A537-0000F8753ED1}?300??? ???H???u?????ca8??McAfee Inc.??????H?H?H?H?H?H?H??? ???????H???????e???H?H?H?H?H?H?H?H????? ???????????????????H??????????,?????????136E???????H???C???????0???????H???}?????eql??McAfee Inc.??H???????????????????d???????????f??t6???????????8??7d?????H?????H???????????H???????g?????H?&???H??? ?????????????H?????H?E?????????????????????????????????????????????????H???????e???H??????????????? ???????H???????????H?E????????N?31????????mfeavfk01????????????l???0???????????u?????sa8???????H???c??s???LegacyDriver??????N??H???H???????e??{8ECC055D-0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2C 0xEE 0xFD 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x18 0x3F 0x66 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF4 0xE9 0x93 0x8A ...

---- EOF - GMER 1.0.15 ----

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer:
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 175):
0x82E11000 \SystemRoot\system32\ntkrnlpa.exe
0x83221000 \SystemRoot\system32\halmacpi.dll
0x80BCB000 \SystemRoot\system32\kdcom.dll
0x8B82D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8B838000 \SystemRoot\system32\PSHED.dll
0x8B849000 \SystemRoot\system32\BOOTVID.dll
0x8B851000 \SystemRoot\system32\CLFS.SYS
0x8B893000 \SystemRoot\system32\CI.dll
0x8B93E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B9AF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BA39000 \SystemRoot\System32\Drivers\spjv.sys
0x8BB3A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BB43000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BB69000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BBB1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BBB9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BBC4000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BBEE000 \SystemRoot\System32\drivers\partmgr.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BC0F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BC5A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BC61000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BC6F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BC85000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BC8E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BCB1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BCBA000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BCEE000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF34000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BF5F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BF72000 \SystemRoot\System32\Drivers\cng.sys
0x8BFCF000 \SystemRoot\System32\drivers\pcw.sys
0x8BFDD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BCFF000 \SystemRoot\system32\drivers\ndis.sys
0x8BDB6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA10000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C00E000 \SystemRoot\System32\drivers\tcpip.sys
0x8C157000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C188000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C191000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C1D0000 \SystemRoot\System32\Drivers\spldr.sys
0x8B9BD000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C1D8000 \SystemRoot\system32\DRIVERS\nv_agp.sys
0x8BFE6000 \SystemRoot\System32\Drivers\mup.sys
0x8C1F4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C20B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C23D000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C24E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C2A5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C2C4000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8C31D000 \SystemRoot\System32\Drivers\Null.SYS
0x8C324000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C32B000 \SystemRoot\System32\drivers\vga.sys
0x8C337000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C358000 \SystemRoot\System32\drivers\watchdog.sys
0x8C365000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C36D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C375000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C37D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C388000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C396000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C3AD000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C3B8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90628000 \SystemRoot\system32\drivers\afd.sys
0x90682000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x90687000 \SystemRoot\System32\DRIVERS\netbt.sys
0x906B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x906C0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x906DF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x906ED000 \SystemRoot\system32\DRIVERS\serial.sys
0x90707000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9071A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9072A000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x90735000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90776000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90780000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9078A000 \SystemRoot\System32\drivers\discache.sys
0x90796000 \SystemRoot\system32\drivers\csc.sys
0x90600000 \SystemRoot\System32\Drivers\dfsc.sys
0x90618000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8C3C2000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8B800000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C3E9000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8C200000 \SystemRoot\system32\DRIVERS\irsir.sys
0x8C000000 \SystemRoot\system32\drivers\irenum.sys
0x91438000 \SystemRoot\system32\DRIVERS\parport.sys
0x91450000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9145A000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91464000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x914AF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90E23000 \SystemRoot\system32\drivers\P17.sys
0x90F7B000 \SystemRoot\system32\drivers\portcls.sys
0x90FAA000 \SystemRoot\system32\drivers\drmk.sys
0x90FC3000 \SystemRoot\system32\drivers\ks.sys
0x914BE000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x91622000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x91C86000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91D3D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91D76000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91DBA000 \SystemRoot\System32\Drivers\az95y4jy.SYS
0x91DF1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90E00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91612000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x914F9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9151B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91533000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9154A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90E18000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x91561000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9156E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9161D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9157B000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
0x9158A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91598000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x915DC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92215000 \SystemRoot\system32\drivers\HdAudio.sys
0x92265000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x82960000 \SystemRoot\System32\win32k.sys
0x9226B000 \SystemRoot\System32\drivers\Dxapi.sys
0x92275000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92280000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92293000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9229A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9229C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x922A4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x922AF000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x922B7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x922CE000 \SystemRoot\system32\drivers\usbaudio.sys
0x922E2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x922EE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x922FB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x92306000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9230F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x92320000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82BC0000 \SystemRoot\System32\TSDDD.dll
0x82800000 \SystemRoot\System32\cdd.dll
0x9232B000 \SystemRoot\system32\drivers\luafv.sys
0x92346000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x9237D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x92380000 \SystemRoot\system32\drivers\WudfPf.sys
0x9239A000 \SystemRoot\system32\DRIVERS\irda.sys
0x923B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x923C8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9AE0E000 \SystemRoot\system32\drivers\HTTP.sys
0x9AE93000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9AEAC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9AEBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9AEE1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9AF1C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9AF37000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9AF3E000 \SystemRoot\system32\drivers\peauth.sys
0x9AFD5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9AFDF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9AE00000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x923DB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C098000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C0E7000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C138000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x9C15D000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x9C16B000 \SystemRoot\system32\drivers\mfehidk.sys
0x9C1C8000 \SystemRoot\system32\drivers\mfewfpk.sys
0x9C000000 \SystemRoot\system32\drivers\mfeavfk.sys
0x8A6E1000 \Device\mfehidk01.sys
0x8A79B000 \Device\mfeavfk01.sys
0x8A600000 \SystemRoot\system32\drivers\mfefirek.sys
0x8A656000 \SystemRoot\system32\drivers\mfeapfk.sys
0x8A66C000 \SystemRoot\system32\drivers\mfebopk.sys
0x8A677000 \SystemRoot\system32\drivers\cfwids.sys
0x8A68B000 \??\C:\Users\ADMINI~1\AppData\Local\Temp\kxldqpoc.sys
0x77130000 \Windows\System32\ntdll.dll
0x47F60000 \Windows\System32\smss.exe
0x77370000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

Processes (total 56):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
448 csrss.exe
524 C:\Windows\System32\wininit.exe
536 csrss.exe
584 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
684 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1156 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1248 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\svchost.exe
1428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1464 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1724 C:\Windows\System32\spoolsv.exe
1764 C:\Windows\System32\svchost.exe
1880 C:\Windows\System32\svchost.exe
1920 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1948 C:\Windows\System32\atieclxx.exe
516 C:\Windows\System32\dwm.exe
1440 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
408 C:\Windows\System32\PnkBstrA.exe
2140 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2200 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
2600 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2668 unsecapp.exe
2940 WmiPrvSE.exe
3116 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3752 C:\Windows\System32\SearchIndexer.exe
3864 C:\Windows\System32\svchost.exe
880 C:\Program Files\Windows Media Player\wmpnetwk.exe
2816 C:\Windows\System32\mobsync.exe
1324 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
4256 C:\Windows\System32\rundll32.exe
4452 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5980 mcupdmgr.exe
3032 C:\Windows\System32\mfevtps.exe
6100 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
1892 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
5236 C:\Windows\explorer.exe
5224 C:\Program Files\Mozilla Firefox\firefox.exe
4492 C:\Program Files\Mozilla Firefox\plugin-container.exe
4960 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
6108 C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
4252 C:\Windows\System32\notepad.exe
4508 C:\Windows\System32\svchost.exe
5956 C:\Users\Administrator\Desktop\MBRCheck.exe
4616 C:\Windows\System32\conhost.exe
5040 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000008`002c0800 (NTFS)

PhysicalDrive1 Model Number: MAXTORSTM3160212A, Rev: 3.AAJ
PhysicalDrive0 Model Number: SAMSUNGHD161GJ, Rev: 1AC01118

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5055

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5-11-2010 11:53:34
mbam-log-2010-11-05 (11-53-34).txt

Scan type: Quick scan
Objects scanned: 148931
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryBrowser Service (Adware.QueryBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C} (Adware.QueryBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\chrome (Adware.QueryBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\defaults (Adware.QueryBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\defaults\preferences (Adware.QueryBrowser) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Administrator\downloads\DivXInstaller.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\chrome.manifest (Adware.QueryBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\install.rdf (Adware.QueryBrowser) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\chrome\querybrowser.jar (Adware.QueryBrowser) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\defaults\preferences\prefs.js (Adware.QueryBrowser) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

yes i can

here are the logs from dds

attach.txt file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-05.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5-10-2010 11:46:46
System Uptime: 11-6-2010 12:07:26 (3552 hours ago)

Motherboard: | | ALiveDual-eSATA2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPUSocket | 2835/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 32 GiB total, 7,673 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 37,507 GiB free.
E: is FIXED (NTFS) - 117 GiB total, 25,87 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP56: 6-11-2010 3:00:30 - Windows Update

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0 - Nederlands
Alpha Protocol
AMD Drag and Drop Transcoding
ATI Catalyst Install Manager
µTorrent
avast! Pro Antivirus
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Character Builder
CMake 2.8 a cross-platform, open-source build system
Creative Configuratiescherm voor geluid
Creative Software AutoUpdate
DivX Setup
Dual-Core Optimizer
Eigenschappen Creative Sound Blaster
EVEREST Ultimate Edition v5.50
Fences
Hitman Pro 3.5
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
Java Auto Updater
Java(TM) 6 Update 20
Left 4 Dead 2
Logitech SetPoint 6.15
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft DirectX SDK (August 2009)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.6.12)
MSVCRT
MySQL Server 5.1
NVIDIA PhysX
OpenSSL 1.0.0a (32-bit)
ParetoLogic PC Health Advisor
PowerISO
Samsung CLX-3170 Series
Silkroad
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLyog Enterprise 7.02
Steam
TeamSpeak 3 Client
TeamViewer 5
TortoiseHg 1.1.4 (x86)
Trojan Remover 6.8.2
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.4
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

6-11-2010 2:15:34, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:34, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6-11-2010 2:15:32, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6-11-2010 2:15:30, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
6-11-2010 12:12:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB980218).
6-11-2010 12:12:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 x86 (KB979916).
6-11-2010 12:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB979538).
6-11-2010 12:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB971033).
6-11-2010 12:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2362765).
6-11-2010 12:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB980232).
6-11-2010 12:12:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB979688).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft Browser Choice Screen Update for EEA Users of Windows 7 (KB976002).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB976972).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2345886).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Rights Management Services Client for Windows 7 (KB979099).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB981957).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB981852).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB981332).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2286198).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2281679).
6-11-2010 12:12:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 and Windows 7 x86 (KB2416471).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB976662).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2388210).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2249857).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB982214).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB977165).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB975560).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB972270).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2387149).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2378111).
6-11-2010 12:12:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2296011).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB980195).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB980846).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB980408).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB977074).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB974431).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2158563).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB982799).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB982665).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB982132).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB979482).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB978542).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB974571).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2207566).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2079403).
6-11-2010 12:12:33, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Cumulative Update for Media Center for Windows 7 (KB2284742).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 (KB975467).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Microsoft .NET Framework 3.5 SP1 Update for Windows 7 x86 (KB982526).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB975496).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB974332).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB979687).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB978886).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2347290).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for .NET Framework 3.5.1 on Windows 7 x86 (KB983590).
6-11-2010 12:12:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2360131).
6-11-2010 12:08:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x87f3a280, 0x87f3a3ec, 0x8342bdd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110610-24828-01.
6-11-2010 12:07:57, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
6-11-2010 12:07:34, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
6-11-2010 1:53:28, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {682159D9-C321-47CA-B3F1-30E36B2EC8B9} as /. The error: "225" Happened while starting this command: C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
6-11-2010 1:51:02, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0x80000004, 0x83031d4f, 0x9dd13864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110610-30015-01.
5-11-2010 4:37:37, Error: Service Control Manager [7022] - The McAfee Firewall Core Service service hung on starting.
5-11-2010 4:37:37, Error: Service Control Manager [7001] - The McAfee Personal Firewall service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5-11-2010 4:08:38, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5-11-2010 4:01:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
5-11-2010 3:29:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
5-11-2010 12:12:52, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.
5-11-2010 12:09:00, Error: Service Control Manager [7000] - The Infrared monitor service service failed to start due to the following error: A required privilege is not held by the client.
5-11-2010 11:41:13, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
4-11-2010 9:15:06, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
31-10-2010 3:08:54, Error: Service Control Manager [7034] - The QueryBrowser Service service terminated unexpectedly. It has done this 1 time(s).
30-10-2010 1:29:40, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

==== End Of File ===========================

dds.txt file


DDS (Ver_10-11-05.01) - NTFSx86
Run by Administrator at 12:11:45,37 on za 06-11-2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3263.2224 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast5\setup\avast.setup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\ADMINI~1\AppData\Local\Temp\Rar$DI00.784\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKfox000&ptb=ZtjA3NpK7qWbAEGGZIntog
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101105212648.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {851552F5-B878-4B03-904F-2AD6A4CC8994} - No File
uRun: [Steam] "d:\steam\Steam.exe" -silent
mRun: [TortoiseHgOverlayIconServer] c:\program files\tortoisehg\TortoiseHgOverlayServer.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\0feu3q59.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nlfficial
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0feu3q59.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0feu3q59.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0feu3q59.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-5 386840]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-5 164840]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-10-31 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-31 165584]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-11-5 64304]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-31 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-31 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-31 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-5 271480]
R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-5 271480]
R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-5 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-5 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-5 141792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-4 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-10-29 5120]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-10-26 2011944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-31 40384]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-5 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-5 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-5 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-5 313288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-5 79360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-5 38224]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-5 84264]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

=============== Created Last 30 ================

2010-11-06 02:12:25 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-11-06 02:02:13 -------- d-----w- c:\program files\MSXML 4.0
2010-11-06 01:10:25 295424 ----a-w- C:\gmer.exe
2010-11-06 01:04:20 -------- d-----w- c:\users\admini~1\appdata\roaming\SiteAdvisor
2010-11-05 22:43:25 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-11-05 22:43:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 22:43:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 22:43:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 22:43:16 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-05 15:33:49 -------- d-----w- c:\program files\SiteAdvisor
2010-11-05 14:02:55 -------- d-----w- c:\users\admini~1\appdata\roaming\ParetoLogic
2010-11-05 14:02:55 -------- d-----w- c:\users\admini~1\appdata\roaming\DriverCure
2010-11-05 14:02:18 -------- d-----w- c:\progra~2\SITEguard
2010-11-05 14:01:24 -------- d-----w- c:\program files\common files\iS3
2010-11-05 14:01:23 -------- d-----w- c:\progra~2\STOPzilla!
2010-11-05 14:00:39 -------- d-----w- c:\program files\common files\ParetoLogic
2010-11-05 14:00:37 -------- d-----w- c:\program files\ParetoLogic
2010-11-05 14:00:37 -------- d-----w- c:\progra~2\ParetoLogic
2010-11-05 13:35:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-05 13:35:20 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-05 13:35:20 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-05 13:35:20 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-05 13:35:19 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-05 13:35:18 -------- d-----w- c:\users\admini~1\appdata\roaming\Simply Super Software
2010-11-05 13:35:18 -------- d-----w- c:\program files\Trojan Remover
2010-11-05 13:35:18 -------- d-----w- c:\progra~2\Simply Super Software
2010-11-04 23:08:16 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-04 23:08:15 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-04 20:33:28 -------- d-----w- c:\users\admini~1\appdata\roaming\QuickScan
2010-11-04 20:27:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 20:27:38 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-04 20:18:39 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-04 20:15:00 -------- dc-h--w- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-11-04 20:14:57 -------- d-----w- c:\program files\Lavasoft
2010-11-04 17:09:59 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-04 17:07:20 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2010-11-04 17:07:20 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2010-11-04 17:07:20 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2010-11-04 17:07:20 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2010-11-04 17:07:20 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2010-11-04 17:07:19 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2010-11-04 17:07:18 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2010-10-31 14:33:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-10-31 14:13:39 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2010-10-31 13:55:16 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-31 13:55:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-31 13:54:59 -------- d-----w- c:\progra~2\Hitman Pro
2010-10-30 23:25:43 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-10-30 23:25:39 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-30 23:24:40 38848 ----a-w- c:\windows\avastSS.scr
2010-10-30 23:24:34 -------- d-----w- c:\progra~2\Alwil Software
2010-10-30 23:09:23 -------- d-----w- c:\users\admini~1\appdata\roaming\BitDefender
2010-10-30 23:09:23 -------- d-----w- c:\program files\BitDefender
2010-10-30 23:09:23 -------- d-----w- c:\progra~2\BitDefender
2010-10-30 23:07:37 -------- d-----w- c:\program files\common files\BitDefender
2010-10-30 08:17:03 -------- d-----w- c:\windows\system32\appmgmt
2010-10-29 19:31:36 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-10-29 19:31:21 -------- d-----w- c:\program files\common files\DivX Shared
2010-10-29 19:30:59 -------- d-----w- c:\program files\DivX
2010-10-29 19:30:34 -------- d-----w- c:\progra~2\DivX
2010-10-29 06:09:07 482408 ----a-w- c:\windows\ssndii.exe
2010-10-29 06:09:06 -------- d-----w- c:\windows\Samsung
2010-10-29 06:09:06 -------- d-----w- c:\program files\SamsungPrinterLiveUpdate
2010-10-29 06:09:01 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sst1cpc.dll
2010-10-28 22:41:06 -------- d-----w- c:\program files\PowerISO
2010-10-28 21:31:09 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-28 16:02:14 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-28 14:59:03 -------- d-----w- c:\users\admini~1\appdata\local\ElevatedDiagnostics
2010-10-26 19:12:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-26 19:12:18 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-26 19:08:40 -------- d-----w- c:\users\admini~1\appdata\roaming\TeamViewer
2010-10-26 19:08:36 -------- d-----w- c:\program files\TeamViewer
2010-10-25 18:09:30 876824 ----a-w- c:\users\admini~1\appdata\roaming\DivXInstaller.exe
2010-10-24 19:39:30 -------- d-----w- c:\program files\Alcohol Soft
2010-10-24 19:27:03 -------- d-----w- c:\program files\common files\Steam
2010-10-23 14:50:34 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
2010-10-23 14:45:33 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-23 14:45:27 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-23 14:45:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-23 14:45:00 -------- d-----w- c:\users\admini~1\appdata\local\PunkBuster
2010-10-22 15:53:08 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-10-22 15:53:07 -------- d-----w- c:\program files\AMD
2010-10-22 15:52:35 -------- d-----w- c:\users\admini~1\appdata\local\Downloaded Installations
2010-10-22 13:28:00 -------- d-----w- c:\users\admini~1\appdata\roaming\Xfire
2010-10-22 13:27:58 -------- d-----w- c:\progra~2\Xfire
2010-10-22 13:27:57 -------- d-----w- c:\program files\Xfire
2010-10-16 10:33:10 305152 ----a-w- c:\windows\IsUninst.exe
2010-10-15 11:52:26 -------- d-----w- c:\users\admini~1\appdata\local\Wizards_of_the_Coast
2010-10-08 13:29:20 -------- d-----w- c:\users\admini~1\appdata\roaming\TS3Client
2010-10-07 19:02:22 -------- d-----w- c:\users\admini~1\appdata\roaming\LolClient

==================== Find3M ====================

2010-10-13 21:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-05 22:31:04 93512 ----a-w- c:\windows\dxsdkuninst.exe
2010-10-05 22:22:54 0 ----a-w- c:\windows\ativpsrm.bin
2010-10-05 22:21:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 22:21:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-26 02:01:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 02:01:04 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-26 01:57:58 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57:32 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-26 01:57:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-26 01:55:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-26 01:55:48 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:55:42 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:55:32 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-26 01:55:26 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-26 01:55:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:52:22 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-26 01:34:36 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 01:34:26 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 01:33:52 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-26 01:33:08 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 01:27:56 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-26 01:25:58 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-26 01:21:16 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:21:06 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-26 01:21:00 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-26 01:20:08 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-26 01:19:56 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-26 01:13:16 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:13:16 52736 ----a-w- c:\windows\system32\amdpcom32.dll

============= FINISH: 12:13:26,91 ===============

 

mcafee deinstalled

my explorer.exe is infected and isn;t working and my desktop is gone

here is the report (i work with totalcommander to do the stuff now... little easier then cmd)

2010/11/06 19:42:35.0027 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/06 19:42:35.0027 ================================================================================
2010/11/06 19:42:35.0027 SystemInfo:
2010/11/06 19:42:35.0027
2010/11/06 19:42:35.0027 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/06 19:42:35.0027 Product type: Workstation
2010/11/06 19:42:35.0027 ComputerName: KRIS-PC
2010/11/06 19:42:35.0028 UserName: Administrator
2010/11/06 19:42:35.0028 Windows directory: C:\Windows
2010/11/06 19:42:35.0028 System windows directory: C:\Windows
2010/11/06 19:42:35.0028 Processor architecture: Intel x86
2010/11/06 19:42:35.0028 Number of processors: 2
2010/11/06 19:42:35.0028 Page size: 0x1000
2010/11/06 19:42:35.0028 Boot type: Normal boot
2010/11/06 19:42:35.0028 ================================================================================
2010/11/06 19:42:42.0813 Initialize success
2010/11/06 19:42:53.0547 ================================================================================
2010/11/06 19:42:53.0547 Scan started
2010/11/06 19:42:53.0547 Mode: Manual;
2010/11/06 19:42:53.0547 ================================================================================
2010/11/06 19:42:56.0203 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/06 19:42:56.0329 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/06 19:42:56.0452 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/06 19:42:56.0571 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/06 19:42:56.0715 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/06 19:42:56.0839 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/06 19:42:56.0986 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/06 19:42:57.0106 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/06 19:42:57.0231 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/06 19:42:57.0358 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/06 19:42:57.0474 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/06 19:42:57.0590 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/06 19:42:57.0714 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/06 19:42:57.0939 amdkmdag (da3cf5b94ad09290896e2b73df6d4173) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/06 19:42:58.0217 amdkmdap (46a3f55772fd2d1526994693ae352579) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/06 19:42:58.0328 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
2010/11/06 19:42:58.0445 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/06 19:42:58.0554 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/06 19:42:58.0672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/06 19:42:58.0779 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/06 19:42:58.0878 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/06 19:42:59.0006 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/06 19:42:59.0133 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/06 19:42:59.0240 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/11/06 19:42:59.0353 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/11/06 19:42:59.0466 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/11/06 19:42:59.0579 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\Windows\system32\drivers\aswSnx.sys
2010/11/06 19:42:59.0696 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/11/06 19:42:59.0805 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/11/06 19:42:59.0921 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/06 19:43:00.0031 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/06 19:43:00.0300 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/06 19:43:00.0427 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/06 19:43:00.0553 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/06 19:43:00.0696 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/06 19:43:00.0810 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/06 19:43:00.0931 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/06 19:43:01.0047 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/06 19:43:01.0175 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/06 19:43:01.0292 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/06 19:43:01.0401 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/06 19:43:01.0510 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/06 19:43:01.0636 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/06 19:43:01.0777 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/06 19:43:01.0896 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/06 19:43:02.0039 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/06 19:43:02.0131 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/06 19:43:02.0249 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/06 19:43:02.0356 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/06 19:43:02.0478 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/06 19:43:02.0599 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/06 19:43:02.0717 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/06 19:43:02.0830 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/06 19:43:02.0964 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/11/06 19:43:03.0100 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/11/06 19:43:03.0321 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/11/06 19:43:03.0432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/11/06 19:43:03.0550 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/11/06 19:43:03.0683 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/06 19:43:03.0971 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/11/06 19:43:04.0166 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/06 19:43:04.0287 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/06 19:43:04.0411 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/11/06 19:43:04.0522 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/11/06 19:43:04.0640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/06 19:43:04.0765 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/11/06 19:43:04.0882 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/11/06 19:43:05.0000 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/06 19:43:05.0118 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/11/06 19:43:05.0248 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/11/06 19:43:05.0358 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/06 19:43:05.0482 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/06 19:43:05.0593 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/06 19:43:05.0709 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/06 19:43:05.0819 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/11/06 19:43:05.0941 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/06 19:43:06.0056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/06 19:43:06.0166 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/06 19:43:06.0278 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/06 19:43:06.0391 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/06 19:43:06.0529 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/06 19:43:06.0671 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/11/06 19:43:06.0799 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/06 19:43:06.0916 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/06 19:43:07.0040 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/06 19:43:07.0150 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/06 19:43:07.0271 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/06 19:43:07.0396 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/06 19:43:07.0513 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/06 19:43:07.0631 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/06 19:43:07.0750 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/11/06 19:43:07.0886 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2010/11/06 19:43:08.0000 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/11/06 19:43:08.0107 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2010/11/06 19:43:08.0230 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/06 19:43:08.0338 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/06 19:43:08.0465 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/06 19:43:08.0578 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/06 19:43:08.0704 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/06 19:43:08.0821 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/06 19:43:08.0978 LHidFilt (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/11/06 19:43:09.0099 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/06 19:43:09.0212 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/11/06 19:43:09.0311 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/06 19:43:09.0428 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/06 19:43:09.0541 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/06 19:43:09.0664 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/06 19:43:09.0783 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/11/06 19:43:09.0889 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/11/06 19:43:10.0006 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/06 19:43:10.0120 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/06 19:43:10.0237 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/11/06 19:43:10.0344 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/06 19:43:10.0453 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/06 19:43:10.0551 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/06 19:43:10.0660 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/11/06 19:43:10.0776 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/06 19:43:10.0887 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/06 19:43:10.0993 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/06 19:43:11.0105 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/06 19:43:11.0214 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/06 19:43:11.0338 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/06 19:43:11.0443 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/06 19:43:11.0552 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/06 19:43:11.0673 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/11/06 19:43:11.0784 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/06 19:43:11.0871 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/06 19:43:11.0971 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/06 19:43:12.0075 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/06 19:43:12.0176 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/11/06 19:43:12.0279 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/11/06 19:43:12.0400 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/06 19:43:12.0532 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/11/06 19:43:12.0643 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/06 19:43:12.0751 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/11/06 19:43:12.0870 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/06 19:43:13.0008 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/11/06 19:43:13.0148 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/06 19:43:13.0257 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/06 19:43:13.0374 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/06 19:43:13.0482 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/06 19:43:13.0606 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/11/06 19:43:13.0741 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/06 19:43:13.0862 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/06 19:43:14.0007 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/06 19:43:14.0128 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/11/06 19:43:14.0241 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/06 19:43:14.0377 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/11/06 19:43:14.0509 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/11/06 19:43:14.0615 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/06 19:43:14.0712 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/06 19:43:14.0839 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/06 19:43:14.0929 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/06 19:43:15.0069 P17 (2f09b7b4a9fb1f998bd9ecfc468a80a2) C:\Windows\system32\drivers\P17.sys
2010/11/06 19:43:15.0195 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/11/06 19:43:15.0303 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/11/06 19:43:15.0423 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/06 19:43:15.0536 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/11/06 19:43:15.0652 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/06 19:43:15.0773 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/06 19:43:15.0899 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/11/06 19:43:16.0025 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/11/06 19:43:16.0552 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/06 19:43:16.0658 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/11/06 19:43:16.0766 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/06 19:43:16.0889 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/06 19:43:17.0036 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/06 19:43:17.0134 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/06 19:43:17.0225 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/06 19:43:17.0328 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/06 19:43:17.0425 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/06 19:43:17.0522 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/06 19:43:17.0643 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/06 19:43:17.0753 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/06 19:43:17.0854 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/06 19:43:17.0968 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/06 19:43:18.0100 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/11/06 19:43:18.0208 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/06 19:43:18.0322 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/06 19:43:18.0435 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/11/06 19:43:18.0548 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/11/06 19:43:18.0719 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
2010/11/06 19:43:18.0840 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/06 19:43:18.0955 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/11/06 19:43:19.0049 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/11/06 19:43:19.0143 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/06 19:43:19.0262 SCDEmu (e9bbd87afd80dc1212ecd762858b45c7) C:\Windows\system32\drivers\SCDEmu.sys
2010/11/06 19:43:19.0361 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/06 19:43:19.0474 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/06 19:43:19.0581 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/06 19:43:19.0688 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/11/06 19:43:19.0787 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/06 19:43:19.0895 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/06 19:43:19.0987 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/06 19:43:20.0080 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/06 19:43:20.0171 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/06 19:43:20.0283 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/11/06 19:43:20.0384 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/06 19:43:20.0475 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/06 19:43:20.0586 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/11/06 19:43:20.0731 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/11/06 19:43:20.0873 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2010/11/06 19:43:20.0873 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2010/11/06 19:43:20.0879 sptd - detected Locked file (1)
2010/11/06 19:43:21.0214 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
2010/11/06 19:43:21.0336 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/06 19:43:21.0457 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/06 19:43:21.0615 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
2010/11/06 19:43:21.0748 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/06 19:43:21.0860 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/11/06 19:43:21.0968 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/11/06 19:43:22.0076 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/06 19:43:22.0233 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/11/06 19:43:22.0400 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/06 19:43:22.0527 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/06 19:43:22.0660 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/11/06 19:43:22.0769 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/06 19:43:22.0864 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/06 19:43:23.0050 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/06 19:43:23.0357 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/06 19:43:23.0626 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/06 19:43:23.0952 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/06 19:43:24.0240 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/06 19:43:24.0548 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/06 19:43:24.0814 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/06 19:43:25.0045 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/06 19:43:25.0458 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2010/11/06 19:43:25.0688 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/06 19:43:26.0059 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/06 19:43:26.0459 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/06 19:43:26.0653 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/06 19:43:26.0917 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/06 19:43:27.0218 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/06 19:43:27.0488 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/06 19:43:27.0705 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/06 19:43:27.0965 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/06 19:43:28.0073 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/06 19:43:28.0212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/11/06 19:43:28.0463 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/06 19:43:28.0572 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/11/06 19:43:28.0856 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/11/06 19:43:29.0112 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/06 19:43:29.0290 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/11/06 19:43:29.0525 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/11/06 19:43:29.0984 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/06 19:43:30.0313 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/11/06 19:43:30.0653 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/06 19:43:31.0086 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/06 19:43:31.0500 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/11/06 19:43:31.0890 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/06 19:43:32.0264 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/06 19:43:32.0314 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/06 19:43:32.0525 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/11/06 19:43:33.0021 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/06 19:43:33.0276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/06 19:43:33.0541 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/11/06 19:43:33.0950 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/06 19:43:34.0331 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/06 19:43:34.0573 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/11/06 19:43:35.0011 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/06 19:43:35.0111 ================================================================================
2010/11/06 19:43:35.0111 Scan finished
2010/11/06 19:43:35.0111 ================================================================================
2010/11/06 19:43:35.0125 Detected object count: 1
2010/11/06 19:43:43.0077 Locked file(sptd) - User select action: Skip

 

ComboFix 10-11-07.01 - Administrator 06-11-2010 23:10:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.3263.980 [GMT 1:00]
Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

Besmet exemplaar van c:\windows\System32\wininit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))
.

2010-11-06 22:17 . 2010-11-06 22:17 -------- d-----w- c:\users\kris\AppData\Local\temp
2010-11-06 22:17 . 2010-11-06 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-06 22:17 . 2010-11-06 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-11-06 18:40 . 2010-11-06 18:40 -------- d-----w- c:\users\Administrator\AppData\Local\GHISLER
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-06 18:34 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-06 18:34 . 2010-11-06 18:34 -------- d-----w- C:\totalcmd
2010-11-06 18:34 . 2010-11-06 18:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\GHISLER
2010-11-06 02:12 . 2010-11-06 02:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-11-06 02:09 . 2010-11-06 02:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-11-06 02:02 . 2010-11-06 02:02 -------- d-----w- c:\program files\MSXML 4.0
2010-11-06 01:10 . 2010-11-04 10:16 295424 ----a-w- C:\gmer.exe
2010-11-05 22:43 . 2010-11-05 22:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-11-05 22:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 22:43 . 2010-11-05 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 22:43 . 2010-11-05 22:43 -------- d-----w- c:\programdata\Malwarebytes
2010-11-05 22:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-05 15:32 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-05 14:02 . 2010-11-05 14:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\ParetoLogic
2010-11-05 14:02 . 2010-11-05 14:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2010-11-05 14:02 . 2010-11-05 14:02 -------- d-----w- c:\programdata\SITEguard
2010-11-05 14:01 . 2010-11-05 14:01 -------- d-----w- c:\program files\Common Files\iS3
2010-11-05 14:01 . 2010-11-05 15:02 -------- d-----w- c:\programdata\STOPzilla!
2010-11-05 14:00 . 2010-11-05 14:00 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-11-05 14:00 . 2010-11-05 14:00 -------- d-----w- c:\programdata\ParetoLogic
2010-11-05 14:00 . 2010-11-05 14:00 -------- d-----w- c:\program files\ParetoLogic
2010-11-05 13:35 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-11-05 13:35 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-11-05 13:35 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-11-05 13:35 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-11-05 13:35 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-11-05 13:35 . 2010-11-05 13:35 -------- d-----w- c:\program files\Trojan Remover
2010-11-05 13:35 . 2010-11-05 13:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\Simply Super Software
2010-11-05 13:35 . 2010-11-05 13:35 -------- d-----w- c:\programdata\Simply Super Software
2010-11-04 23:08 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-04 23:08 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-11-04 20:33 . 2010-11-04 20:33 -------- d-----w- c:\users\Administrator\AppData\Roaming\QuickScan
2010-11-04 20:27 . 2010-11-05 15:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-04 20:27 . 2010-11-04 20:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-04 20:18 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-04 20:15 . 2010-11-04 20:15 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-11-04 20:14 . 2010-11-04 20:15 -------- d-----w- c:\programdata\Lavasoft
2010-11-04 20:14 . 2010-11-04 20:14 -------- d-----w- c:\program files\Lavasoft
2010-11-04 17:09 . 2007-04-04 17:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-11-04 17:07 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2010-11-04 17:07 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2010-11-04 17:07 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2010-11-04 17:07 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2010-11-04 17:07 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2010-11-04 17:07 . 2010-11-04 17:07 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2010-11-04 17:07 . 2010-11-04 17:07 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2010-10-31 14:33 . 2010-10-31 14:33 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-10-31 14:13 . 2009-10-19 16:59 47104 ----a-w- c:\program files\Mozilla Firefox\components\FFComm.dll
2010-10-31 13:55 . 2010-11-04 15:47 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-31 13:55 . 2010-11-05 16:15 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-31 13:54 . 2010-10-31 14:33 -------- d-----w- c:\programdata\Hitman Pro
2010-10-30 23:25 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-30 23:25 . 2010-09-07 14:53 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-10-30 23:25 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-30 23:25 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-30 23:25 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-30 23:25 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-30 23:24 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-30 23:24 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-30 23:24 . 2010-10-30 23:24 -------- d-----w- c:\programdata\Alwil Software
2010-10-30 23:24 . 2010-10-30 23:24 -------- d-----w- c:\program files\Alwil Software
2010-10-30 23:09 . 2010-11-05 13:30 -------- d-----w- c:\programdata\BitDefender
2010-10-30 23:09 . 2010-10-30 23:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitDefender
2010-10-30 23:09 . 2010-10-30 23:09 -------- d-----w- c:\program files\BitDefender
2010-10-30 23:07 . 2010-11-05 13:30 -------- d-----w- c:\program files\Common Files\BitDefender
2010-10-29 19:31 . 2010-10-29 19:32 -------- d-----w- c:\users\Administrator\AppData\Roaming\DivX
2010-10-29 19:31 . 2010-10-29 19:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-10-29 19:31 . 2010-10-29 19:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-10-29 19:30 . 2010-10-29 19:32 -------- d-----w- c:\program files\DivX
2010-10-29 19:30 . 2010-10-29 19:32 -------- d-----w- c:\programdata\DivX
2010-10-29 06:09 . 2009-09-22 00:30 482408 ----a-w- c:\windows\ssndii.exe
2010-10-29 06:09 . 2010-10-29 06:09 -------- d-----w- c:\windows\Samsung
2010-10-29 06:09 . 2007-08-14 17:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll
2010-10-28 22:41 . 2010-10-28 22:41 -------- d-----w- c:\program files\PowerISO
2010-10-28 21:31 . 2010-10-30 10:11 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-28 16:02 . 2010-10-28 16:02 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-28 14:59 . 2010-10-28 15:00 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2010-10-26 19:14 . 2010-10-26 19:14 -------- d-----w- c:\windows\Sun
2010-10-26 19:12 . 2010-10-26 19:12 -------- d-----w- c:\program files\Common Files\Java
2010-10-26 19:12 . 2010-10-26 19:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-26 19:12 . 2010-10-26 19:12 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-26 19:12 . 2010-10-26 19:12 -------- d-----w- c:\program files\Java
2010-10-26 19:08 . 2010-10-28 17:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2010-10-26 19:08 . 2010-10-26 19:08 -------- d-----w- c:\program files\TeamViewer
2010-10-24 19:39 . 2010-10-24 19:39 -------- d-----w- c:\program files\Alcohol Soft
2010-10-24 19:27 . 2010-10-24 19:27 -------- d-----w- c:\program files\Common Files\Steam
2010-10-23 14:51 . 2010-10-23 14:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-23 14:50 . 2010-10-23 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-10-23 14:45 . 2010-10-30 10:11 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-23 14:45 . 2010-10-30 10:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-23 14:45 . 2010-10-26 15:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-23 14:45 . 2010-10-30 10:11 -------- d-----w- c:\users\Administrator\AppData\Local\PunkBuster
2010-10-22 15:53 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-10-22 15:53 . 2010-10-22 15:53 -------- d-----w- c:\program files\AMD
2010-10-22 15:52 . 2010-10-22 15:52 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2010-10-22 13:28 . 2010-11-06 11:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Xfire
2010-10-22 13:27 . 2010-10-29 00:27 -------- d-----w- c:\programdata\Xfire
2010-10-22 13:27 . 2010-10-22 13:28 -------- d-----w- c:\program files\Xfire
2010-10-17 15:46 . 2010-10-17 15:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\dvdcss
2010-10-16 10:33 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2010-10-15 11:52 . 2010-10-15 20:15 -------- d-----w- c:\users\Administrator\AppData\Local\Wizards_of_the_Coast
2010-10-08 13:29 . 2010-10-23 12:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\TS3Client

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 22:50 . 2010-10-05 22:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-05 22:31 . 2010-10-05 22:31 93512 ----a-w- c:\windows\dxsdkuninst.exe
2010-10-05 22:21 . 2010-10-05 22:21 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 22:21 . 2010-10-05 22:21 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-05 22:10 . 2010-10-05 22:10 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-16 08:24 . 2010-10-05 22:01 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98A96EE1-85AC-4C7F-8C34-E465DB5712CF}\mpengine.dll
2010-08-26 03:36 . 2010-08-26 03:36 6380032 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01 . 2010-08-26 02:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 02:01 . 2010-08-26 02:01 528384 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-26 01:57 . 2010-08-26 01:57 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57 . 2010-08-26 01:57 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-26 01:57 . 2010-08-26 01:57 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-26 01:55 . 2010-08-26 01:55 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 15830016 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:55 . 2010-08-26 01:55 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-26 01:55 . 2010-08-26 01:55 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-26 01:55 . 2010-08-26 01:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:52 . 2010-08-26 01:52 3914240 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-26 01:34 . 2010-08-26 01:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 01:34 . 2010-08-26 01:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 01:33 . 2010-08-26 01:33 4032512 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-26 01:33 . 2010-08-26 01:33 4375552 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 01:27 . 2010-08-26 01:27 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-26 01:25 . 2010-08-26 01:25 3392000 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-26 01:21 . 2010-08-26 01:21 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-26 01:21 . 2010-08-26 01:21 19968 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-26 01:20 . 2010-08-26 01:20 221696 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20 . 2010-08-26 01:20 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-26 01:19 . 2010-08-26 01:19 28160 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-26 01:19 . 2010-08-26 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:13 . 2010-08-26 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2009-10-19 16:59 . 2010-10-31 14:13 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@= "{C5994560-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@= "{C5994561-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@= "{C5994562-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@= "{C5994563-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@= "{C5994564-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@= "{C5994565-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@= "{C5994566-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@= "{C5994567-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@= "{C5994568-53D9-4125-87C9-F193FC689CB2} "
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-04-23 16:50 66312 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@= "{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} "
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-09-07 15:14 152160 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam "= "d:\steam\Steam.exe" [2010-10-24 1242448]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-10-05 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TortoiseHgOverlayIconServer "= "c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2010-10-02 44448]
"amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PWRISOVM.EXE "= "c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"Samsung PanelMgr "= "c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
"avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264} "= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2 "=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=" "

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-05 79360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-05 721904]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhoud van de 'Gedeelde Taken' map

2010-11-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2010-11-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-11-05 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-11-05 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]

2010-11-05 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKfox000&ptb=ZtjA3NpK7qWbAEGGZIntog
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nlfficial
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{851552F5-B878-4B03-904F-2AD6A4CC8994} - (no file)
AddRemove-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35.exe
AddRemove-Silkroad - e:\silkroad\Remove.Exe



[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySQL]
"ImagePath "= "\ "c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\ "c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL "
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,c1,6f,0e,1b,eb,e0,44,81,75,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,c1,6f,0e,1b,eb,e0,44,81,75,36,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,c1,6f,0e,1b,eb,e0,44,81,75,36,\

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.3G2 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.3GP "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.3G2 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.3GP "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ADTS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ADTS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ADTS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.AIFF "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.AIFF "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.AIFF "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ASF "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ASX "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.AU "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_avi_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.CDA "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "Applications\\WORDPAD.EXE "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_div_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_divx_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "FirefoxHTML "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "FirefoxHTML "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.M2TS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.M2TS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.m3u "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.M4A "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MP4 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MIDI "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MIDI "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_mkv_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MOV "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MP3 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MP3 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MP4 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MP4 "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MPEG "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.M2TS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "Applications\\wordpad.exe "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_qt_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.MIDI "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "FirefoxHTML "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sln\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "Applications\\VCExpress.exe "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.AU "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "Applications\\firefox.exe "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "divx_tix_file "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.TTS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.TTS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WAV "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WAX "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ASF "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WMA "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WMD "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WMS "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "VLC.wmv "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.ASX "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WMZ "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WPL "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "WMP11.AssocFile.WVX "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "FirefoxHTML "

[HKEY_USERS\S-1-5-21-1133841503-1957408-3000437827-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid "= "FirefoxHTML "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(1252)
c:\program files\Xfire\xfire_toucan_43094.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseHg\ThgShellx86.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2010-11-06 23:24:55 - machine werd herstart
ComboFix-quarantined-files.txt 2010-11-06 22:24

Pre-Run: 8.170.127.360 bytes free
Post-Run: 7.984.508.928 bytes free

- - End Of File - - 21C18FD3A4AE2A50062A6BF96B3F6F66

 

yeah i am

 

OTL log

OTL logfile created on: 7-11-2010 10:24:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,90 Gb Total Space | 7,06 Gb Free Space | 22,13% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 33,64 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive E: | 117,05 Gb Total Space | 30,31 Gb Free Space | 25,89% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-07 10:23:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010-10-24 20:28:44 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\steam\Steam.exe
PRC - [2010-10-19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-10-02 14:32:22 | 000,044,448 | ---- | M] () -- C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
PRC - [2010-09-07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-08-26 02:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-08-26 02:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010-07-09 20:00:26 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2009-12-09 14:49:38 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009-01-18 22:34:48 | 000,506,712 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-01-18 22:34:37 | 000,921,936 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008-11-18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-03-15 00:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2010-11-07 10:23:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-09 20:00:34 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_43094.dll
MOD - [2009-07-14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-11-07 03:01:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-10-19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010-10-05 23:21:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-09-07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-08-26 02:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-05-06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009-07-16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009-01-18 22:34:37 | 000,921,936 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008-11-18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010-10-05 23:10:55 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-09-07 15:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-09-07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-09-07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-09-07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-09-07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-09-07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-08-26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-08-26 02:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-03-18 10:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010-03-18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010-03-18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-04-21 12:58:06 | 001,147,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2008-07-10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008-03-14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008-01-19 05:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007-08-13 19:51:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKfox000&ptb=ZtjA3NpK7qWbAEGGZIntog
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 8E AD A1 32 6E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube "
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube "
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube "
FF - prefs.js..browser.search.selectedEngineURL: "http://www.google.com/search?&q= "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nlfficial "
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.google.com/search?&q= "

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010-11-05 15:28:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-11-06 14:12:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-04 17:00:55 | 000,000,000 | ---D | M]

[2010-10-05 22:58:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010-11-06 12:10:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions
[2010-10-13 00:23:47 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010-11-04 21:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010-10-30 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\btpersonas@brandthunder.com
[2010-10-05 23:46:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0feu3q59.default\extensions\DeviceDetection@logitech.com
[2010-11-06 12:10:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-26 20:12:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009-10-19 17:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2010-10-26 20:12:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-11-06 23:18:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe ()
O4 - HKCU..\Run: [Steam] D:\steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010-11-07 10:23:33 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010-11-07 03:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010-11-06 23:19:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-11-06 23:17:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2010-11-06 23:09:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-11-06 23:09:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-11-06 23:09:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-11-06 23:09:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-11-06 23:08:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-11-06 23:08:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-11-06 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2010-11-06 19:40:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\GHISLER
[2010-11-06 19:34:29 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-11-06 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010-11-06 19:32:42 | 001,329,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2010-11-06 03:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-11-06 03:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010-11-06 03:02:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-11-06 01:50:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-11-05 23:43:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010-11-05 23:43:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-11-05 23:43:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-11-05 23:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-11-05 23:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-11-05 23:42:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2010-11-05 16:32:42 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010-11-05 15:02:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ParetoLogic
[2010-11-05 15:02:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2010-11-05 15:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010-11-05 15:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010-11-05 15:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010-11-05 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010-11-05 15:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010-11-05 15:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010-11-05 14:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-11-05 14:53:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Simply Super Software
[2010-11-05 14:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010-11-05 14:35:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2010-11-05 14:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010-11-04 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2010-11-04 21:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-11-04 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-11-04 21:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010-11-04 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-11-04 21:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-11-04 18:58:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Alpha Protocol
[2010-11-04 18:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010-11-04 18:10:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010-11-04 18:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-10-31 15:33:36 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010-10-31 14:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010-10-31 14:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010-10-31 00:25:44 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-10-31 00:25:43 | 000,340,048 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010-10-31 00:25:43 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-10-31 00:25:43 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-10-31 00:25:42 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-10-31 00:25:39 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-10-31 00:24:40 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010-10-31 00:24:39 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010-10-31 00:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-10-31 00:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-10-31 00:09:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\BitDefender
[2010-10-31 00:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010-10-31 00:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010-10-31 00:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010-10-30 23:37:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010-10-30 09:17:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010-10-29 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2010-10-29 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010-10-29 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010-10-29 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010-10-29 20:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010-10-29 07:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2010-10-29 07:09:06 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2010-10-29 07:08:55 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2010-10-29 07:08:55 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2010-10-29 07:08:53 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.exe
[2010-10-29 07:08:53 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst1cci.dll
[2010-10-29 07:08:29 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2010-10-29 07:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010-10-29 07:08:24 | 000,000,000 | ---D | C] -- C:\Temp
[2010-10-28 23:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010-10-28 17:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-10-28 17:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010-10-28 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010-10-28 15:59:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2010-10-27 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\lol
[2010-10-26 20:14:12 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010-10-26 20:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-10-26 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-10-26 20:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-10-26 20:08:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010-10-26 20:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010-10-25 19:09:30 | 000,876,824 | ---- | C] (DivX, Inc. ) -- C:\Users\Administrator\AppData\Roaming\DivXInstaller.exe
[2010-10-24 20:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010-10-24 20:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010-10-23 15:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-10-23 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-10-23 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-10-23 15:50:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2010-10-23 15:45:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PunkBuster
[2010-10-22 16:53:08 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2010-10-22 16:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010-10-22 16:52:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2010-10-22 14:28:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Xfire
[2010-10-22 14:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010-10-22 14:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010-10-17 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2010-10-15 12:54:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\ddi
[2010-10-15 12:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Wizards_of_the_Coast
[2010-10-08 14:29:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TS3Client

========== Files - Modified Within 30 Days ==========

[2010-11-07 10:23:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010-11-07 09:28:11 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-11-07 09:28:11 | 000,018,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-11-07 03:27:18 | 000,398,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-11-07 03:27:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-07 03:26:49 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2010-11-06 23:26:10 | 000,364,032 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2010-11-06 23:18:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-11-06 23:06:58 | 003,903,886 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2010-11-06 19:51:43 | 000,000,558 | ---- | M] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2010-11-06 19:34:33 | 000,000,632 | ---- | M] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2010-11-06 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010-11-06 02:15:31 | 195,392,385 | ---- | M] () -- C:\Users\Administrator\Desktop.rar
[2010-11-05 23:45:19 | 000,629,248 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010-11-05 23:44:59 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2010-11-05 23:44:31 | 000,295,424 | ---- | M] () -- C:\Users\Administrator\Desktop\7oeb8wvc.exe
[2010-11-05 23:43:20 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-05 23:42:53 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2010-11-05 21:15:49 | 000,088,576 | ---- | M] () -- C:\Windows\MBR.exe
[2010-11-05 15:58:48 | 000,000,112 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010-11-05 15:52:50 | 000,002,424 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010-11-05 15:35:21 | 000,672,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-11-05 15:35:21 | 000,127,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-11-05 15:29:19 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010-11-05 15:29:19 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010-11-05 15:29:19 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2010-11-05 15:03:50 | 000,090,112 | -H-- | M] () -- C:\SZKGFS.dat
[2010-11-05 15:01:04 | 000,001,063 | ---- | M] () -- C:\Users\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
[2010-11-05 14:35:24 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010-11-05 03:17:44 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-11-05 00:15:38 | 000,987,039 | ---- | M] () -- C:\Users\Administrator\Desktop\Kringloop van gesteente.pptx
[2010-11-04 21:27:46 | 000,001,236 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-11-04 21:27:46 | 000,001,212 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010-11-04 21:14:59 | 000,001,134 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-11-04 21:14:59 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010-11-04 17:01:01 | 000,001,905 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-11-04 17:01:01 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-11-04 16:47:33 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010-11-04 16:04:04 | 000,278,040 | ---- | M] () -- C:\Users\Administrator\Desktop\newrecord.jpg
[2010-11-04 11:16:58 | 000,295,424 | ---- | M] () -- C:\gmer.exe
[2010-11-03 10:12:46 | 001,329,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2010-10-31 21:57:01 | 000,000,199 | ---- | M] () -- C:\Users\Administrator\Desktop\Left 4 Dead 2.url
[2010-10-31 20:22:08 | 000,015,872 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled.jpg
[2010-10-31 15:39:12 | 000,000,956 | ---- | M] () -- C:\Users\Administrator\Desktop\World of Warcraft.lnk
[2010-10-31 15:33:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010-10-31 15:29:30 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010-10-31 15:25:19 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2010-10-31 15:12:34 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010-10-31 14:53:24 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini
[2010-10-31 11:41:20 | 000,001,013 | ---- | M] () -- C:\Users\Administrator\Desktop\pc spullen.rtf
[2010-10-31 01:59:03 | 000,000,988 | ---- | M] () -- C:\Users\Administrator\Desktop\wow Liesje.lnk
[2010-10-31 00:25:44 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-10-31 00:25:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-10-30 23:41:56 | 000,000,032 | ---- | M] () -- C:\ProgramData\io.ini
[2010-10-30 23:41:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\3bs4qk27jn6a6orz0n7qlos06n2ij11f.ini
[2010-10-30 11:11:25 | 000,137,464 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-10-30 11:11:16 | 000,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-10-30 09:10:41 | 000,000,401 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2010-10-30 00:34:55 | 000,000,252 | ---- | M] () -- C:\Windows\game.ini
[2010-10-28 23:41:07 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010-10-26 20:08:40 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010-10-25 19:09:30 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Users\Administrator\AppData\Roaming\DivXInstaller.exe
[2010-10-24 20:39:32 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010-10-24 20:29:45 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-10-22 14:27:58 | 000,000,953 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010-10-22 14:27:58 | 000,000,941 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010-10-22 14:27:58 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010-10-19 22:51:15 | 000,001,050 | ---- | M] () -- C:\Users\Administrator\Desktop\VLC media player.lnk
[2010-10-19 14:35:17 | 000,165,913 | ---- | M] () -- C:\Users\Administrator\Desktop\omfg.jpg
[2010-10-17 20:36:43 | 000,001,403 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-10-16 11:34:43 | 000,000,551 | ---- | M] () -- C:\Windows\Qiii.INI
[2010-10-15 12:54:25 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Character Builder.lnk
[2010-10-14 21:48:22 | 000,001,091 | ---- | M] () -- C:\Music - Shortcut.lnk
[2010-10-13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe

 

========== Files Created - No Company Name ==========

[2010-11-06 23:26:10 | 000,364,032 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.exe
[2010-11-06 23:09:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-11-06 23:09:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-11-06 23:09:09 | 000,088,576 | ---- | C] () -- C:\Windows\MBR.exe
[2010-11-06 23:09:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-11-06 23:09:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-11-06 23:06:54 | 003,903,886 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2010-11-06 19:51:43 | 000,000,558 | ---- | C] () -- C:\Users\Public\Desktop\Fable - The Lost Chapters.lnk
[2010-11-06 19:34:32 | 000,000,632 | ---- | C] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-11-06 19:34:30 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-11-06 02:11:55 | 195,392,385 | ---- | C] () -- C:\Users\Administrator\Desktop.rar
[2010-11-06 02:10:25 | 000,295,424 | ---- | C] () -- C:\gmer.exe
[2010-11-05 23:45:12 | 000,629,248 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010-11-05 23:44:59 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2010-11-05 23:44:31 | 000,295,424 | ---- | C] () -- C:\Users\Administrator\Desktop\7oeb8wvc.exe
[2010-11-05 23:43:20 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-11-05 15:58:48 | 000,000,112 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2010-11-05 15:32:24 | 000,002,424 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010-11-05 15:03:50 | 000,090,112 | -H-- | C] () -- C:\SZKGFS.dat
[2010-11-05 15:03:03 | 000,000,460 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2010-11-05 15:01:04 | 000,001,063 | ---- | C] () -- C:\Users\Administrator\Desktop\ParetoLogic PC Health Advisor.lnk
[2010-11-05 15:00:58 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2010-11-05 15:00:50 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2010-11-05 15:00:40 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2010-11-05 14:35:24 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010-11-05 14:35:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010-11-05 14:35:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010-11-05 14:35:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010-11-05 14:35:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010-11-05 00:15:37 | 000,987,039 | ---- | C] () -- C:\Users\Administrator\Desktop\Kringloop van gesteente.pptx
[2010-11-04 21:27:46 | 000,001,236 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010-11-04 21:27:46 | 000,001,212 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010-11-04 21:18:39 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010-11-04 21:15:25 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-11-04 21:14:59 | 000,001,134 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010-11-04 21:14:59 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010-11-04 17:01:01 | 000,001,905 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-11-04 17:01:01 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-11-04 16:04:03 | 000,278,040 | ---- | C] () -- C:\Users\Administrator\Desktop\newrecord.jpg
[2010-10-31 21:57:01 | 000,000,199 | ---- | C] () -- C:\Users\Administrator\Desktop\Left 4 Dead 2.url
[2010-10-31 20:22:08 | 000,015,872 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled.jpg
[2010-10-31 15:26:13 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010-10-31 15:25:19 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2010-10-31 15:12:34 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010-10-31 14:55:16 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010-10-31 14:53:24 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini
[2010-10-31 11:38:07 | 000,001,013 | ---- | C] () -- C:\Users\Administrator\Desktop\pc spullen.rtf
[2010-10-31 01:59:03 | 000,000,988 | ---- | C] () -- C:\Users\Administrator\Desktop\wow Liesje.lnk
[2010-10-31 00:25:44 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-10-30 23:41:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2010-10-30 23:41:56 | 000,000,000 | ---- | C] () -- C:\ProgramData\3bs4qk27jn6a6orz0n7qlos06n2ij11f.ini
[2010-10-30 09:10:41 | 000,000,401 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 Multiplayer.lnk
[2010-10-30 00:34:55 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2010-10-29 07:09:07 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010-10-29 07:08:54 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico
[2010-10-29 07:08:54 | 000,005,430 | ---- | C] () -- C:\Windows\AnyWeb Print.ico
[2010-10-29 07:08:53 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2010-10-29 07:08:53 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst1cl3.smt
[2010-10-28 23:41:07 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2010-10-28 22:31:09 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010-10-26 20:08:40 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010-10-24 20:39:32 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010-10-24 20:28:32 | 000,000,544 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010-10-23 15:45:33 | 000,137,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-10-23 15:45:27 | 000,214,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-10-23 15:45:11 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-10-22 14:27:58 | 000,000,953 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2010-10-22 14:27:58 | 000,000,941 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Xfire.lnk
[2010-10-22 14:27:58 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010-10-19 14:35:17 | 000,165,913 | ---- | C] () -- C:\Users\Administrator\Desktop\omfg.jpg
[2010-10-17 20:36:43 | 000,001,403 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010-10-16 11:33:37 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2010-10-16 11:32:49 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2010-10-15 12:54:25 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Character Builder.lnk
[2010-10-14 21:48:22 | 000,001,091 | ---- | C] () -- C:\Music - Shortcut.lnk
[2010-10-05 23:20:34 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010-10-05 23:20:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010-10-05 23:10:55 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010-07-09 20:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009-08-03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-04-21 10:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2008-11-13 13:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2005-03-08 13:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== LOP Check ==========

[2010-10-31 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitDefender
[2010-11-05 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2010-11-06 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2010-10-07 20:02:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LolClient
[2010-11-05 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ParetoLogic
[2010-11-04 21:33:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2010-11-05 14:35:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2010-10-06 21:15:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SQLyog
[2010-10-05 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Stardock
[2010-10-28 18:45:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010-10-23 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010-11-07 03:25:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2010-11-05 03:17:44 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010-11-06 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2010-11-05 15:29:19 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2010-11-05 15:29:19 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2010-11-05 15:29:19 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2009-07-14 05:53:46 | 000,004,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-11-07 03:26:47 | 000,002,236 | ---- | M] () -- C:\aaw7boot.log
[2010-11-06 12:14:04 | 000,023,629 | ---- | M] () -- C:\Attach.txt
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-10-31 15:25:21 | 000,002,213 | ---- | M] () -- C:\bdlog.txt
[2010-11-06 23:24:55 | 000,043,071 | ---- | M] () -- C:\ComboFix.txt
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-11-06 12:13:43 | 000,022,690 | ---- | M] () -- C:\DDS.txt
[2010-11-04 11:16:58 | 000,295,424 | ---- | M] () -- C:\gmer.exe
[2010-11-07 03:26:49 | 2566,365,184 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-06 15:42:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-10-06 15:42:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-10-14 21:48:22 | 000,001,091 | ---- | M] () -- C:\Music - Shortcut.lnk
[2010-11-07 03:26:48 | 3421,822,976 | -HS- | M] () -- C:\pagefile.sys
[2010-11-06 23:26:20 | 000,000,424 | ---- | M] () -- C:\rkill.log
[2010-11-05 15:03:50 | 000,090,112 | -H-- | M] () -- C:\SZKGFS.dat
[2010-11-06 19:45:31 | 000,063,736 | ---- | M] () -- C:\TDSSKiller.2.4.6.0_06.11.2010_19.42.35_log.txt

< %systemroot%\Fonts\*.com >
[2009-07-14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009-07-14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009-07-14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-07-14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-06-10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009-07-14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007-08-14 18:00:28 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sst1cpc.dll
[2009-07-14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010-09-07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009-07-14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-10-17 20:36:43 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010-11-05 23:44:31 | 000,295,424 | ---- | M] () -- C:\Users\Administrator\Desktop\7oeb8wvc.exe
[2010-11-06 23:06:58 | 003,903,886 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2010-11-05 23:42:53 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2010-11-05 23:44:59 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2010-11-07 10:23:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010-11-06 23:26:10 | 000,364,032 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.exe
[2010-11-03 10:12:46 | 001,329,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009-06-10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010-11-07 03:28:29 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010-10-30 23:41:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\3bs4qk27jn6a6orz0n7qlos06n2ij11f.ini
[2010-10-30 23:41:56 | 000,000,032 | ---- | M] () -- C:\ProgramData\io.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

Extra's log

OTL Extras logfile created on: 7-11-2010 10:24:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,90 Gb Total Space | 7,06 Gb Free Space | 22,13% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 33,64 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive E: | 117,05 Gb Total Space | 30,31 Gb Free Space | 25,89% Space Free | Partition Type: NTFS

Computer Name: KRIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A49E0E-1989-4E2F-9085-D90A732193F4}" = MySQL Server 5.1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English
"{5A91499A-C76C-4964-9314-2263467E3638}" = TortoiseHg 1.1.4 (x86)
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90AB0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.0 - Nederlands
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Configuratiescherm voor geluid
"avast5" = avast! Pro Antivirus
"CCleaner" = CCleaner
"CMake" = CMake 2.8 a cross-platform, open-source build system
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschappen Creative Sound Blaster
"DivX Setup.divx.com" = DivX Setup
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Fences" = Fences
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSL (32-bit)_is1" = OpenSSL 1.0.0a (32-bit)
"PowerISO" = PowerISO
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SP6" = Logitech SetPoint 6.15
"SQLyog Enterprise" = SQLyog Enterprise 7.02
"Steam App 550" = Left 4 Dead 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"Trojan Remover_is1" = Trojan Remover 6.8.2
"uTorrent" = µTorrent
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6-11-2010 11:30:17 | Computer Name = kris-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language "
in element "assemblyIdentity" is invalid.

Error - 6-11-2010 2:46:26 | Computer Name = kris-PC | Source = VSS | ID = 8194
Description =

Error - 6-11-2010 2:49:24 | Computer Name = kris-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 6-11-2010 2:49:26 | Computer Name = kris-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 6-11-2010 2:50:42 | Computer Name = kris-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 6-11-2010 2:50:43 | Computer Name = kris-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 6-11-2010 2:50:44 | Computer Name = kris-PC | Source = MsiInstaller | ID = 11308
Description =

Error - 6-11-2010 7:31:39 | Computer Name = kris-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language "
in element "assemblyIdentity" is invalid.

Error - 7-11-2010 12:28:27 | Computer Name = kris-PC | Source = Software Protection Platform Service | ID = 8209
Description = Genuine state set to non-genuine (0x00000000) for application Id 55c92734-d682-4d71-983e-d6ec3f16059f

Error - 7-11-2010 12:28:27 | Computer Name = kris-PC | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0xC004C4A2) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

[ System Events ]
Error - 6-11-2010 6:10:25 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7034
Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

Error - 6-11-2010 6:10:26 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6-11-2010 6:18:28 | Computer Name = kris-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:17:15 on ?6-?11-?2010 was unexpected.

Error - 6-11-2010 6:18:15 | Computer Name = kris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 6-11-2010 6:18:36 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 6-11-2010 6:19:20 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 6-11-2010 6:19:20 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 6-11-2010 10:26:34 | Computer Name = kris-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 6-11-2010 10:27:21 | Computer Name = kris-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 6-11-2010 10:34:24 | Computer Name = kris-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >

 

this is the right log



All processes killed
========== OTL ==========
Error: No service named EagleNT was found to stop!
Service\Driver key EagleNT not found.
File C:\Windows\System32\drivers\EagleNT.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Folder C:\ProgramData\SITEguard\ not found.
Folder C:\Program Files\Common Files\iS3\ not found.
Folder C:\ProgramData\STOPzilla!\ not found.
File C:\SZKGFS.dat not found.
File C:\ProgramData\3bs4qk27jn6a6orz0n7qlos06n2ij11f.ini not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 147590 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6528716 bytes
->Flash cache emptied: 566 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 148568 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: kris

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11092010_224820

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...