TechSpot

Google redirects, compromised game account

Solved
By Domiro
Jun 18, 2011
  1. Just over a week ago I lost an account related to games. I noticed later on that AVG (2009) had run out. I removed AVG, installed Microsoft Security Essentials, installed my remaining Windows updates and defragged the HDD.

    Now I'm running into the issue that Google redirects my search results to several sites not even remotely related. Other than that, Firefox seems to refuse to start, forcing me to reboot my machine (Task Manager shows several instances running), and in some instances my machine slows down severely.

    As mentioned in the sticky, my AV has run its course, removing several infections. Java has been removed and the latest release installed; Adobe has been removed.

    Any help to solve this issue would be greatly appreciated. If there are questions regarding translation (considering my OS is installed in Dutch), then I'm more than happy to help.

    ===

    Step 2 - Malwarebytes Anti-Malware

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6885

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    18-6-2011 13:22:16
    mbam-log-2011-06-18 (13-22-16).txt

    Scan type: Full scan (C:\|E:\|F:\|)
    Objects scanned: 373902
    Time elapsed: 1 hour(s), 28 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WV3E3W0UXE4W1H6JOEOJOSEIHJTGBG (Trojan.SpyEyes) -> Value: WV3E3W0UXE4W1H6JOEOJOSEIHJTGBG -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\pkgfurotmvn (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\lennart de groot\local settings\Temp\jar_cache1843015428022091892.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\documents and settings\lennart de groot\local settings\Temp\jar_cache4530388770589662388.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP143\A0117459.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP146\A0119946.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP147\A0119955.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP149\A0121054.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\pkgfurotmvn\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    ===

    Step 3: GMER

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-18 13:44:25
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort4 SAMSUNG_HD642JJ rev.1AA01108
    Running: kxubi2uj.exe; Driver: C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\uxrdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB9ECFA50]
    SSDT sptd.sys ZwEnumerateKey [0xB9F03FFE]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9F0438C]
    SSDT sptd.sys ZwOpenKey [0xB9ECFA30]
    SSDT sptd.sys ZwQueryKey [0xB9F04464]
    SSDT sptd.sys ZwQueryValueKey [0xB9F042E4]
    SSDT sptd.sys ZwSetValueKey [0xB9F044F6]

    INT 0x63 ? 8AEFFCC8
    INT 0x63 ? 8AEFFCC8
    INT 0x63 ? 8AEFFCC8
    INT 0x63 ? 8AEFFCC8
    INT 0x63 ? 8ACBCF00
    INT 0x83 ? 8AEFFCC8
    INT 0x83 ? 8AEFFCC8
    INT 0x83 ? 8ACBCF00
    INT 0x83 ? 8AEFFCC8
    INT 0x84 ? 8ACBCF00
    INT 0xA4 ? 8ACBCF00
    INT 0xA4 ? 8ACBCF00
    INT 0xA4 ? 8ACBCF00
    INT 0xA4 ? 8ACBCF00
    INT 0xB4 ? 8ACBCF00

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE sptd.sys B9EF3000 1 Byte [74]
    PAGE sptd.sys B9EF3004 5 Bytes [40, 33, EF, B9, A3]
    PAGE sptd.sys B9EF300C 5 Bytes [50, 34, EF, B9, 98]
    PAGE sptd.sys B9EF3014 5 Bytes [B8, 33, EF, B9, 59] {MOV EAX, 0x59b9ef33}
    PAGE sptd.sys B9EF301C 5 Bytes [78, 32, EF, B9, 61]
    PAGE ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95DB000, 0x2A1A98, 0xE8000020]
    .text USBPORT.SYS!DllUnload B95928AC 5 Bytes JMP 8ACBC410
    .text ayu81ieq.SYS B951F306 50 Bytes [00, 00, 00, 42, 03, 00, F0, ...]
    .text ayu81ieq.SYS B951F339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ayu81ieq.SYS B951F351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ayu81ieq.SYS B951F3A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ayu81ieq.SYS B951F3B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    ? C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys The system cannot find the file specified. !
    ? system32\drivers\xpsec.sys The system cannot find the path specified. !
    ? system32\drivers\xcpip.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\userinit.exe[268] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
    .text C:\WINDOWS\system32\userinit.exe[268] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
    .text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\winlogon.exe[640] Secur32.dll!LsaLogonUser 77F133F1 5 Bytes JMP 01112946
    .text C:\WINDOWS\system32\winlogon.exe[640] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\winlogon.exe[640] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\lsass.exe[748] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\lsass.exe[748] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\lsass.exe[748] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\Ati2evxx.exe[924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00DD03B2
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\svchost.exe[944] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 024A9E0A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 024A9CBC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!recv 71A3676F 5 Bytes JMP 024A9A88
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 024A9B5B
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\svchost.exe[1016] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01659E0A
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01659CBC
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01659A88
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01659B5B
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BC1D3C5
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BC1938C
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BC0C3E1
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BC1D6E8
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BC211F9
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BC21109
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BC21313
    .text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0C9BA7ED
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0C9C4882
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0C9D61F5
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0C9BA537
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0C9C4938
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0C9BBDD9
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0C9CC594
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0C9C045F
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0C9CD3C5
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0C9C938C
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0C9BC3E1
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0C9CDC3D
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0C9D2A3B
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0C9CD6E8
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0C9D11F9
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0C9D1109
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0C9D2CF7
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0C9D1313
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0C9D2B99
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00DF9E0A
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!send 71A34C27 8 Bytes JMP 0C9CD3A3
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00DF9CBC
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00DF9A88
    .text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00DF9B5B
     
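    The user-code section of the GMER log above is the most informative part of this thread. The same set of hooks (ntdll NtEnumerateValueKey/NtQueryDirectoryFile/NtResumeThread, ADVAPI32 CryptEncrypt, CRYPT32 PFXImportCertStore, WS2_32 send, and the WININET Http*/Internet* family) appears in winlogon.exe, lsass.exe, every svchost.exe, Mixer.exe, the Security Essentials engine MsMpEng.exe and even GMER's own renamed kxubi2uj.exe, and in each process the JMP lands at the same 0BB6xxxx-0BB8xxxx addresses (0C9Bxxxx and 0BC0xxxx in the two processes where that range was already taken) that GMER cannot attribute to any loaded module. One payload injected into every process at a fixed base, hiding its registry value from enumeration, following into newly created processes, and sitting on the HTTP, socket and CryptEncrypt calls where form data is still plaintext, is consistent with the Trojan.SpyEyes detections MBAM reported (the HKCU Run value with a random name and c:\pkgfurotmvn\config.bin). Two caveats for anyone reading this kind of log: the SSDT entries and kernel-code patches attributed to sptd.sys come from the SPTD driver that Daemon Tools and Alcohol install and are a routine sight in GMER output, and the TrackPopupMenu hook in plugin-container.exe is attributed by GMER to Firefox's own xul.dll. Conversely, the fact that MsMpEng.exe is itself hooked means the antivirus's verdicts on this machine cannot be trusted until the injection is gone.

    The script below is an added example, not code posted in this thread and not part of GMER or Malwarebytes. It parses GMER user-code hook lines, separates hooks whose JMP target GMER attributes to a named module from those pointing into unowned memory, reports unowned targets that recur at the same address in several processes, and lists the sensitive APIs each process has hooked. The sample input is a handful of lines taken from the log above; the SENSITIVE_APIS watchlist and the min_procs threshold are my own choices, not anything GMER defines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a few user-code lines copied from the GMER 1.0.15
# log in this thread. The first seven have JMP targets GMER could not attribute
# to any module; the last is a hook GMER attributes to Firefox's own xul.dll.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\winlogon.exe[640] Secur32.dll!LsaLogonUser 77F133F1 5 Bytes JMP 01112946
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# One GMER user-code hook line:
# ".text <image>[<pid>] <module>!<func> <addr> <n> Bytes JMP <target> [<owning module>]"
# Lines that are not JMP hooks (headers, "NtClose + 4 ... 1 Byte [84]") do not match.
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes? JMP (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<owner>.+))?$"
)

# Watchlist (my choice, not GMER's). Hiding: NtEnumerateValueKey, NtQueryDirectoryFile.
# Following into new processes: NtResumeThread. Capturing data before encryption:
# CryptEncrypt, HttpSendRequest*, InternetReadFile/WriteFile, send/recv/WSASend/WSARecv.
# Certificate and logon theft: PFXImportCertStore, LsaLogonUser.
SENSITIVE_APIS = {
    "NtEnumerateValueKey", "NtQueryDirectoryFile", "NtResumeThread",
    "CryptEncrypt", "PFXImportCertStore", "LsaLogonUser",
    "HttpOpenRequestA", "HttpSendRequestA", "HttpSendRequestW",
    "InternetReadFile", "InternetWriteFile",
    "send", "recv", "WSASend", "WSARecv",
}


@dataclass(frozen=True)
class Hook:
    process: str            # e.g. "winlogon.exe[640]"
    module: str             # DLL exporting the hooked function
    func: str
    target: int             # JMP destination
    owner: Optional[str]    # module GMER attributed the target to, if any


def parse_user_hooks(text: str) -> list:
    """Return one Hook per GMER '.text ... JMP ...' line in the user-code section."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        image = m["image"].rsplit("\\", 1)[-1]          # basename of the process image
        hooks.append(Hook(f"{image}[{m['pid']}]", m["module"], m["func"],
                          int(m["target"], 16), m["owner"]))
    return hooks


def shared_unowned_targets(hooks: list, min_procs: int = 2) -> dict:
    """Unowned JMP targets that recur at the same address in >= min_procs processes:
    one injected payload mapped at a fixed base everywhere."""
    by_target = defaultdict(set)
    for h in hooks:
        if h.owner is None:
            by_target[h.target].add(h.process)
    return {t: procs for t, procs in by_target.items() if len(procs) >= min_procs}


def triage(text: str, min_procs: int = 2) -> dict:
    """Summarise a GMER user-code section for a malware-removal reviewer."""
    hooks = parse_user_hooks(text)
    shared = shared_unowned_targets(hooks, min_procs)
    suspicious_by_process = defaultdict(list)
    for h in hooks:
        if h.owner is None and h.func in SENSITIVE_APIS:
            suspicious_by_process[h.process].append(f"{h.module}!{h.func}")
    return {
        "hook_count": len(hooks),
        "shared_targets": {f"{t:08X}": sorted(p) for t, p in shared.items()},
        "suspicious_by_process": dict(suspicious_by_process),
        "attributed": [h for h in hooks if h.owner is not None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['hook_count']} hook lines parsed")
    for target, procs in sorted(report["shared_targets"].items()):
        print(f"unowned target {target} hooked in {len(procs)} processes: {', '.join(procs)}")
    for proc, apis in sorted(report["suspicious_by_process"].items()):
        print(f"{proc}: {', '.join(sorted(apis))}")
    for h in report["attributed"]:
        print(f"attributed, review but likely legitimate: {h.process} {h.module}!{h.func} -> {h.owner}")
```

    Run it against a full pasted GMER log and the shared-target list makes the picture in this thread obvious at a glance: a few unowned addresses that every process, AV engine and scanner included, jumps to. Hooks GMER attributes to a named module are listed separately so that things like the xul.dll hook are not mixed in with the injection.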
  2. Broni

    Broni, Malware Annihilator

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
    GMER log is incomplete.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Domiro

    Domiro, TS Rookie, Topic Starter

    .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\System32\svchost.exe[1144] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007C03B2
    .text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\Mixer.exe[1256] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\Mixer.exe[1256] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\Mixer.exe[1256] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03C29E0A
    .text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03C29CBC
    .text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03C29A88
    .text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03C29B5B
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[1260] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[1260] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\System32\svchost.exe[1260] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[1356] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\System32\svchost.exe[1356] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FB9E0A
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FB9CBC
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FB9A88
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FB9B5B
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\spoolsv.exe[1568] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\spoolsv.exe[1568] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\spoolsv.exe[1568] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02209E0A
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02209CBC
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02209A88
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02209B5B
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03599E0A
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03599CBC
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03599A88
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03599B5B
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
     
  4. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\RTHDCPL.EXE[1900] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\RTHDCPL.EXE[1900] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\RTHDCPL.EXE[1900] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 05B79E0A
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 05B79CBC
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!recv 71A3676F 5 Bytes JMP 05B79A88
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 05B79B5B
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program[1916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program[1916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program[1916] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program[1916] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program[1916] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program[1916] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program[1916] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program[1916] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program[1916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 025D9E0A
    .text C:\Program[1916] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program[1916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 025D9CBC
    .text C:\Program[1916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 025D9A88
    .text C:\Program[1916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 025D9B5B
    .text C:\Program[1916] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program[1916] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program[1916] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program[1916] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program[1916] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program[1916] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program[1916] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program[1916] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program[1916] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program[1916] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program[1916] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01119E0A
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01119CBC
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01119A88
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01119B5B
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01139E0A
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01139CBC
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01139A88
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01139B5B
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[2312] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[2312] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018C9E0A
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018C9CBC
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018C9A88
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018C9B5B
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01E69E0A
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01E69CBC
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01E69A88
    .text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01E69B5B
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03F89E0A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03F89CBC
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03F89A88
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03F89B5B
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\ctfmon.exe[2492] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\ctfmon.exe[2492] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\ctfmon.exe[2492] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00DF9E0A
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00DF9CBC
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00DF9A88
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00DF9B5B
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
     
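The GMER output above lists one user-mode hook per line: the hooked process, the `module!function` that was patched, the address of the patched bytes, the patch length and where the injected `JMP` lands. Read by hand it is hard to see the structure, but the targets carry it: the `ntdll`/`WININET`/`WS2_32`/`CRYPT32`/`ADVAPI32` hooks in almost every process land at addresses that differ between processes by a single constant (0BB6A7ED in msseces.exe, 0D33A7ED in steam.exe, 0BC0A7ED in explorer.exe for `NtEnumerateValueKey`, and the same shift applies to every other function in the set). That is what one module mapped at a different base in each process looks like, and it is the pattern a responder wants to confirm before deciding that a single injected component is behind the hooks. The parser below is an added example, not part of the original post and not GMER's own code; it groups hook lines by process, clusters the jump targets into candidate modules, and merges clusters across processes when every shared function is shifted by the same constant (a relocation-invariant match). The 1 MiB cluster gap and the two-shared-symbols minimum are assumptions chosen for this log, and the sample input is a constructed excerpt of the lines in this thread. It only groups hooks; it does not attribute them to the `Trojan.SpyEyes` detection reported earlier in the thread.

```python
"""Group GMER user-mode hook lines by the module their JMPs land in.

Added example for this thread; not GMER's code and not the poster's.
Assumptions: JMP targets less than CLUSTER_GAP apart inside one process belong
to one module, and two clusters are "the same image at another base" only when
at least MIN_COMMON shared functions are all shifted by one constant.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\s*\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+(?: \+ \d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
JMP_RE = re.compile(r"\bJMP\s+([0-9A-Fa-f]{8})")
CLUSTER_GAP = 0x100000  # assumption: 1 MiB between targets => different module
MIN_COMMON = 2          # assumption: one shared hook cannot prove a common image

# Constructed excerpt of the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01E69E0A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01E69CBC
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D33A7ED
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D344882
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D3561F5
.text F:\games\steam\steam.exe[2508] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 05049E0A
.text F:\games\steam\steam.exe[2508] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 05049CBC
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
.text C:\WINDOWS\explorer.exe[2832] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01272758
.text C:\WINDOWS\system32\PnkBstrA.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A03B2
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
"""


def parse_hooks(text):
    """One dict per hook line; lines that are not hook records are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        jmp = JMP_RE.search(m["patch"])  # byte patches like "[84]" have no target
        hooks.append({
            "process": f"{m['image'].rsplit(chr(92), 1)[-1]}[{m['pid']}]",
            "symbol": f"{m['module']}!{m['func']}",
            "size": int(m["size"]),
            "target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def cluster_by_process(hooks):
    """Split each process's JMP targets into address clusters: (process, {symbol: target})."""
    per_proc = defaultdict(list)
    for h in hooks:
        if h["target"] is not None:
            per_proc[h["process"]].append(h)
    clusters = []
    for proc, hs in per_proc.items():
        current, last = {}, None
        for h in sorted(hs, key=lambda h: h["target"]):
            if last is not None and h["target"] - last > CLUSTER_GAP:
                clusters.append((proc, current))
                current = {}
            current[h["symbol"]] = h["target"]
            last = h["target"]
        if current:
            clusters.append((proc, current))
    return clusters


def same_image(a, b):
    """True when every symbol shared by a and b is shifted by one constant (same module, other base)."""
    common = set(a) & set(b)
    return len(common) >= MIN_COMMON and len({b[s] - a[s] for s in common}) == 1


def group_families(clusters):
    """Union-find over clusters from different processes that pass same_image()."""
    parent = list(range(len(clusters)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i in range(len(clusters)):
        for j in range(i + 1, len(clusters)):
            if clusters[i][0] != clusters[j][0] and same_image(clusters[i][1], clusters[j][1]):
                parent[find(i)] = find(j)
    fams = defaultdict(list)
    for i, c in enumerate(clusters):
        fams[find(i)].append(c)
    return list(fams.values())


def summarize(text):
    """Families of identical hooking modules, largest first, with each member's base shift
    relative to the first process in the family."""
    report = []
    fams = group_families(cluster_by_process(parse_hooks(text)))
    for fam in sorted(fams, key=lambda f: (-len(f), f[0][0])):
        ref_proc, ref = fam[0]
        shifts = {}
        for proc, h in fam:
            common = sorted(set(h) & set(ref))
            shifts[proc] = h[common[0]] - ref[common[0]] if common else None
        report.append({
            "processes": sorted(p for p, _ in fam),
            "symbols": sorted(set().union(*(h.keys() for _, h in fam))),
            "shift_from": ref_proc,
            "shifts": shifts,
        })
    return report


if __name__ == "__main__":
    for fam in summarize(SAMPLE_LOG):
        print(len(fam["processes"]), "process(es):", ", ".join(fam["processes"]))
        print("   hooks:", ", ".join(fam["symbols"]))
        print("   base shift vs", fam["shift_from"] + ":",
              {p: (hex(s) if s is not None else None) for p, s in fam["shifts"].items()})
```

On the excerpt this yields one family covering the `ntdll` hooks in msseces.exe, steam.exe and explorer.exe (steam's copy sits 0x017D0000 higher than msseces's, explorer's 0xA0000 higher), a second family for the 5-byte `WS2_32` hooks, and three unmatched singletons: the two `NtClose` hooks share a suffix (…03B2) but a single common function is not enough evidence, so they are deliberately left unmerged. Running it over the full log is the quick way to list every process the shared module has reached, which is what the cleanup plan has to cover.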
  5. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text F:\games\steam\steam.exe[2508] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D33A7ED
    .text F:\games\steam\steam.exe[2508] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D344882
    .text F:\games\steam\steam.exe[2508] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D3561F5
    .text F:\games\steam\steam.exe[2508] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D33A537
    .text F:\games\steam\steam.exe[2508] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D344938
    .text F:\games\steam\steam.exe[2508] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 05049E0A
    .text F:\games\steam\steam.exe[2508] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D34D3A3
    .text F:\games\steam\steam.exe[2508] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 05049CBC
    .text F:\games\steam\steam.exe[2508] WS2_32.dll!recv 71A3676F 5 Bytes JMP 05049A88
    .text F:\games\steam\steam.exe[2508] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 05049B5B
    .text F:\games\steam\steam.exe[2508] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D34C594
    .text F:\games\steam\steam.exe[2508] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D33BDD9
    .text F:\games\steam\steam.exe[2508] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D34045F
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D34D3C5
    .text F:\games\steam\steam.exe[2508] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D34938C
    .text F:\games\steam\steam.exe[2508] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D33C3E1
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D34DC3D
    .text F:\games\steam\steam.exe[2508] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D352A3B
    .text F:\games\steam\steam.exe[2508] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D34D6E8
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D3511F9
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D351109
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D352CF7
    .text F:\games\steam\steam.exe[2508] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D351313
    .text F:\games\steam\steam.exe[2508] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D352B99
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01439E0A
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01439CBC
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01439A88
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01439B5B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00D99E0A
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00D99CBC
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00D99A88
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00D99B5B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01DA9E0A
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01DA9CBC
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01DA9A88
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01DA9B5B
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 010E9E0A
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 010E9CBC
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!recv 71A3676F 5 Bytes JMP 010E9A88
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 010E9B5B
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
    .text C:\WINDOWS\explorer.exe[2832] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
    .text C:\WINDOWS\explorer.exe[2832] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
    .text C:\WINDOWS\explorer.exe[2832] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01272758
    .text C:\WINDOWS\explorer.exe[2832] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00F39E0A
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00F39CBC
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00F39A88
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00F39B5B
    .text C:\WINDOWS\system32\PnkBstrA.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A03B2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01829E0A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01829CBC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01829A88
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01829B5B
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
    .text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[3728] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[3728] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[3728] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[3728] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D81A7ED
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D824882
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D8361F5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D81A537
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D824938
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D81BDD9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D82C594
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 0EBB9E0A
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D82D3A3
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 0EBB9CBC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!recv 71A3676F 5 Bytes JMP 0EBB9A88
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 0EBB9B5B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D82045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D82D3C5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D82938C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D81C3E1
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D82DC3D
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D832A3B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D82D6E8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D8311F9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D831109
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D832CF7
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D831313
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D832B99
    .text C:\WINDOWS\system32\CTsvcCDA.exe[3804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AE03B2
    .text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[3924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F03B2
     
  6. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 07069E0A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 07069CBC
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!recv 71A3676F 5 Bytes JMP 07069A88
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 07069B5B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\wscntfy.exe[4320] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\wscntfy.exe[4320] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FD9E0A
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FD9CBC
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
    .text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
     
  7. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
    .text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ADVAPI32.dll!CryptEncrypt


    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01439E0A
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01439CBC
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01439A88
    .text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01439B5B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
     
  8. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00D99E0A
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00D99CBC
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00D99A88
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00D99B5B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01DA9E0A
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01DA9CBC
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01DA9A88
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01DA9B5B
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 010E9E0A
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 010E9CBC
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!recv 71A3676F 5 Bytes JMP 010E9A88
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 010E9B5B
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
    .text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
    .text C:\WINDOWS\explorer.exe[2832] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
    .text C:\WINDOWS\explorer.exe[2832] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
    .text C:\WINDOWS\explorer.exe[2832] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01272758
    .text C:\WINDOWS\explorer.exe[2832] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
    .text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00F39E0A
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00F39CBC
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00F39A88
    .text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00F39B5B
    .text C:\WINDOWS\system32\PnkBstrA.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A03B2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01829E0A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01829CBC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01829A88
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01829B5B
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
    .text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\System32\svchost.exe[3728] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\System32\svchost.exe[3728] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\System32\svchost.exe[3728] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\System32\svchost.exe[3728] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D81A7ED
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D824882
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D8361F5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D81A537
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D824938
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D81BDD9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D82C594
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 0EBB9E0A
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D82D3A3
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 0EBB9CBC
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!recv 71A3676F 5 Bytes JMP 0EBB9A88
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 0EBB9B5B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D82045F
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D82D3C5
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D82938C
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D81C3E1
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D82DC3D
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D832A3B
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D82D6E8
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D8311F9
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D831109
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D832CF7
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D831313
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D832B99
    .text C:\WINDOWS\system32\CTsvcCDA.exe[3804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AE03B2
    .text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[3924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F03B2
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 07069E0A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 07069CBC
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!recv 71A3676F 5 Bytes JMP 07069A88
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 07069B5B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\wscntfy.exe[4320] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\wscntfy.exe[4320] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\wscntfy.exe[4320] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FD9E0A
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FD9CBC
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1

  9. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
    .text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
    .text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
    .text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
    .text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
    .text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E96574] sptd.sys
    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
    IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E96362] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E962A4] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E971BC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KeGetCurrentIrql] 56227411
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfAcquireSpinLock] 52162E68
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfReleaseSpinLock] D9F753B9
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfRaiseIrql] F7C31352
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfLowerIrql] FF5150D8
    IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 25E85300

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AEFE1F8
    Device \FileSystem\Fastfat \FatCdrom 8A0341F8
    Device \FileSystem\Udfs \UdfsCdRom 8A59F1F8
    Device \FileSystem\Udfs \UdfsDisk 8A59F1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{AF794023-DC67-4F2E-BBC0-AB05A411DDDF} 8ACA1430
    Device \Driver\usbuhci \Device\USBPDO-0 8ACBA430
    Device \Driver\usbuhci \Device\USBPDO-1 8ACBA430
    Device \Driver\usbuhci \Device\USBPDO-2 8ACBA430
    Device \Driver\usbehci \Device\USBPDO-3 8ACBD430
    Device \Driver\usbuhci \Device\USBPDO-4 8ACBA430
    Device \Driver\usbuhci \Device\USBPDO-5 8ACBA430
    Device \Driver\PCI_PNP5400 \Device\00000049 sptd.sys
    Device \Driver\PCI_PNP5400 \Device\00000049 sptd.sys
    Device \Driver\usbuhci \Device\USBPDO-6 8ACBA430
    Device \Driver\Cdrom \Device\CdRom0 8ACC7430
    Device \Driver\atapi \Device\Ide\IdePort0 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-14 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom1 8ACC7430
    Device \Driver\Cdrom \Device\CdRom2 8ACC7430
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8ACA1430
    Device \Driver\NetBT \Device\NetbiosSmb 8ACA1430
    Device \Driver\usbuhci \Device\USBFDO-0 8ACBA430
    Device \Driver\usbuhci \Device\USBFDO-1 8ACBA430
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AC70430
    Device \Driver\usbuhci \Device\USBFDO-2 8ACBA430
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AC70430
    Device \Driver\usbehci \Device\USBFDO-3 8ACBD430
    Device \Driver\usbuhci \Device\USBFDO-4 8ACBA430
    Device \Driver\usbuhci \Device\USBFDO-5 8ACBA430
    Device \Driver\usbuhci \Device\USBFDO-6 8ACBA430
    Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1Port6Path0Target1Lun0 8ACBF430
    Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1 8ACBF430
    Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1Port6Path0Target0Lun0 8ACBF430
    Device \FileSystem\Fastfat \Fat 8A0341F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 89EFC1F8

    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\Program [1916] 0x00400000

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xD5 0xD3 0x7C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xFE 0xDC 0x5F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x2C 0x1E 0xD8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x20 0x66 0x5C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0x74 0x33 0x38 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xD5 0xD3 0x7C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xFE 0xDC 0x5F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x2C 0x1E 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x20 0x66 0x5C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0x74 0x33 0x38 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@9E6XYH0W0DYH3C2EMRAC C:\iduhsfuisdf\28ED27230B7.exe /q

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Files - GMER 1.0.15 ----

    File C:\iduhsfuisdf 0 bytes
    File C:\iduhsfuisdf\28ED27230B7.exe 240128 bytes executable
    File C:\iduhsfuisdf\4FFD086BCE06AB4 78674 bytes

    ---- EOF - GMER 1.0.15 ----
  10. Domiro

    ===
    DDS

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
    Run by Lennart de Groot at 13:44:33 on 2011-06-18
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2124 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
    C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
    C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\games\steam\steam.exe
    C:\Program Files\Creative\Software Update 3\SoftAuto.exe
    C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Steam] "f:\games\steam\steam.exe" -silent
    uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
    uRun: [Grid] "c:\program files\ati technologies\hydravision\HydraGrd.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [8F6X5AZYZI4D5CZIRBQOCJIUI] c:\sadoahskudh\sadoahskudh.exe /q
    uRun: [9D6UWFXE7G3B9C5XVFXSSCNBM] c:\sdjafsdjfsd\279A3E880B7.exe /q
    uRun: [9D6UWFXE7G3B9C5XVFXSSCNBM] c:\sdjafsdjfsd\279A3E880B7.exe /q
    mRun: [C-Media Mixer] Mixer.exe /startup
    mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
    mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
    mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\atitra~1.lnk - c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.exe
    StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
    StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AF794023-DC67-4F2E-BBC0-AB05A411DDDF} : DhcpNameServer = 192.168.1.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.1.1 spynettest.microsoft.com
    Hosts: 127.0.1.1 spynet2.microsoft.com
    Hosts: 127.0.1.1 mpa.one.microsoft.com
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\lennart de groot\application data\mozilla\firefox\profiles\x60z6gy6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
    FF - plugin: c:\documents and settings\lennart de groot\application data\mozilla\firefox\profiles\x60z6gy6.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2010-4-12 17952]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl25b5d496;MpKsl25b5d496;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\MpKsl25b5d496.sys [2011-6-18 28752]
    R1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fdb8b8d-373e-4b57-8872-6ecb23bc3077}\mpkslf962e264.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fdb8b8d-373e-4b57-8872-6ecb23bc3077}\MpKslf962e264.sys [?]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-9-7 14336]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-10 20328]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-2-11 10448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-4-12 14856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
    R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-2-23 103424]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e8591ee-4fd2-4067-b6c1-c3560203ff35}\mpksl08cddf9a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e8591ee-4fd2-4067-b6c1-c3560203ff35}\MpKsl08cddf9a.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-12 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-6 16512]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-3-6 25832]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-4-11 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-4-11 11088]
    S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [2010-4-11 8832]
    S3 SliceDisk5;SliceDisk5;\??\c:\program files\a-ff find and mount\slicedisk.sys --> c:\program files\a-ff find and mount\slicedisk.sys [?]
    .
    =============== File Associations ===============
    .
    vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-06-18 11:27:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-18 11:22:26 54016 ----a-w- c:\windows\system32\drivers\anuwar.sys
    2011-06-18 09:52:45 -------- d-----w- c:\documents and settings\lennart de groot\application data\Malwarebytes
    2011-06-18 09:52:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 09:52:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-18 09:50:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-18 09:50:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 08:37:00 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\MpKsl25b5d496.sys
    2011-06-18 08:36:35 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\mpengine.dll
    2011-06-11 07:49:45 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-06-10 08:16:56 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-10 08:16:45 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-10 08:16:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-06-10 08:15:40 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-10 08:01:43 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-10 08:01:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-06-10 08:01:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-06-10 08:01:16 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-06-10 08:01:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-06-10 08:01:15 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-06-10 08:01:15 111104 -c----w- c:\windows\system32\dllcache\services.exe
    2011-06-10 08:01:14 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-06-10 08:01:14 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-06-10 08:01:13 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-06-10 08:00:58 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-06-10 07:59:50 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-06-10 07:59:43 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-06-10 07:58:58 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-06-10 07:57:04 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-10 07:53:12 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-06-10 07:53:12 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-06-10 07:53:12 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-06-10 07:51:17 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-10 07:50:19 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-06-10 07:19:04 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-06-10 07:17:47 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2011-06-10 07:17:45 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-06-10 07:17:45 -------- d-----w- c:\windows\system32\PreInstall
    2011-06-10 07:16:57 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-10 07:16:36 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-06-09 12:21:18 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
    2011-06-09 12:21:16 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
    2011-06-09 12:21:15 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
    2011-06-09 12:21:15 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
    2011-06-09 12:21:14 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
    2011-06-09 12:21:11 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
    2011-06-09 12:04:43 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-09 12:01:49 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-06-09 12:01:04 -------- d-----w- c:\program files\Microsoft Security Client
    2011-06-09 11:31:06 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2011-06-09 11:25:51 -------- d-----w- c:\documents and settings\lennart de groot\application data\AVG10
    2011-06-09 11:23:49 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-06-09 11:16:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-06-07 13:53:43 -------- d-----w- c:\documents and settings\all users\application data\Solidshield
    2011-06-07 13:51:35 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
    2011-06-07 13:51:35 -------- d-----w- c:\documents and settings\all users\application data\EA Core
    2011-05-30 14:47:54 -------- d-----w- c:\documents and settings\lennart de groot\local settings\application data\Ubisoft Game Launcher
    2011-05-21 15:51:32 -------- d-----w- c:\documents and settings\lennart de groot\local settings\application data\The Witcher 2
    .
    ==================== Find3M ====================
    .
    2011-06-18 11:27:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-25 20:16:26 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-05-25 20:16:18 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-25 20:16:18 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-25 20:11:26 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 21:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-02-16 22:51:50 728858 ----a-w- c:\program files\common files\unins000.exe
    2008-03-09 06:25:10 236 ----a-w- c:\program files\common files\dx.reg
    .
    ============= FINISH: 13:44:54,59 ===============

    ===
    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10-4-2010 21:44:53
    System Uptime: 18-6-2011 10:25:24 (3 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q
    Processor: Intel Pentium III Xeon-processor | LGA 775 | 2999/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 128 GiB total, 40,415 GiB free.
    D: is CDROM (UDF)
    E: is FIXED (NTFS) - 195 GiB total, 79,375 GiB free.
    F: is FIXED (NTFS) - 273 GiB total, 55,725 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet-controller
    Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
    Manufacturer:
    Name: Ethernet-controller
    PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: USB-controller
    Device ID: PCI\VEN_8086&DEV_3A3A&SUBSYS_82D41043&REV_00\3&11583659&0&EF
    Manufacturer:
    Name: USB-controller
    PNP Device ID: PCI\VEN_8086&DEV_3A3A&SUBSYS_82D41043&REV_00\3&11583659&0&EF
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM-buscontroller
    Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_82D41043&REV_00\3&11583659&0&FB
    Manufacturer:
    Name: SM-buscontroller
    PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_82D41043&REV_00\3&11583659&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP38: 1-5-2010 19:00:16 - Installed Adobe Reader 9.3 - Nederlands.
    RP39: 6-5-2010 10:32:50 - Avg Update
    RP40: 12-5-2010 14:57:25 - Installed Supreme Commander (TM)
    RP41: 12-5-2010 14:57:38 - DirectX is geïnstalleerd.
    RP42: 15-5-2010 19:39:06 - Installed Far Cry 2
    RP43: 15-5-2010 19:46:29 - Geïnstalleerd: Microsoft Visual C++ 2005 Redistributable
    RP44: 15-5-2010 19:46:37 - DirectX is geïnstalleerd.
    RP45: 15-5-2010 20:04:48 - SPTD setup V1.58
    RP46: 15-5-2010 20:45:41 - Installed Command & Conquer The First Decade
    RP47: 16-5-2010 0:15:21 - Installed Command & Conquer The First Decade
    RP48: 25-5-2010 14:06:11 - Installed LG PC Suite II
    RP49: 25-5-2010 14:07:11 - Geïnstalleerd LG USB Modem driver
    RP50: 3-6-2010 8:50:34 - Avg Update
    RP51: 24-6-2010 19:17:17 - Verwijderd: OpenOffice.org 2.3
    RP52: 24-6-2010 19:18:13 - Geïnstalleerd: OpenOffice.org 3.2
    RP53: 30-6-2010 14:23:43 - Avg Update
    RP54: 9-7-2010 13:56:39 - Installed Java(TM) 6 Update 20
    RP55: 17-7-2010 9:13:25 - Avg Update
    RP56: 17-7-2010 9:14:07 - Avg Update
    RP57: 21-7-2010 10:28:07 - Avg Update
    RP58: 2-8-2010 19:02:59 - Installed Java(TM) 6 Update 21
    RP59: 23-9-2010 9:28:55 - Avg Update
    RP60: 23-9-2010 9:29:27 - Avg Update
    RP61: 5-10-2010 10:05:08 - Avg Update
    RP62: 17-10-2010 23:15:24 - Installed Quake Live Mozilla Plugin
    RP63: 27-10-2010 11:25:33 - Avg Update
    RP64: 4-11-2010 19:00:56 - Installed Samsung Media Studio 5
    RP65: 10-11-2010 10:38:06 - Avg Update
    RP66: 10-11-2010 10:38:22 - Avg Update
    RP67: 25-11-2010 11:14:59 - Avg Update
    RP68: 25-11-2010 11:15:27 - Avg Update
    RP69: 30-11-2010 12:26:38 - Installed Tom Clancy's Splinter Cell Conviction
    RP70: 30-11-2010 12:41:43 - DirectX is geïnstalleerd.
    RP71: 30-11-2010 12:42:41 - Installed Ubisoft Game Launcher
    RP72: 7-12-2010 17:50:26 - SPTD setup V1.74
    RP73: 7-12-2010 20:10:52 - Windows XP KB942288-v3 is geïnstalleerd.
    RP74: 7-12-2010 21:23:06 - Nero Multimedia Suite 10 geïnstalleerd.
    RP75: 10-12-2010 17:37:50 - DirectX is geïnstalleerd.
    RP76: 24-12-2010 23:39:05 - DirectX is geïnstalleerd.
    RP77: 27-12-2010 1:20:20 - DirectX is geïnstalleerd.
    RP78: 29-1-2011 13:15:18 - Installed Half-Life(R) 2
    RP79: 6-2-2011 0:34:31 - DirectX is geïnstalleerd.
    RP80: 6-2-2011 0:35:47 - Installed Duty Calls.
    RP81: 9-2-2011 16:32:43 - Installed MagicTune Premium
    RP82: 11-2-2011 14:13:29 - Removed MagicTune Premium
    RP83: 11-2-2011 14:15:08 - Installed MagicTune Premium
    RP84: 11-2-2011 14:25:13 - Removed MagicTune Premium
    RP85: 11-2-2011 14:26:52 - Installed MagicTune Premium
    RP86: 16-2-2011 23:20:03 - DirectX is geïnstalleerd.
    RP87: 16-2-2011 23:33:53 - DirectX is geïnstalleerd.
    RP88: 18-2-2011 12:54:51 - DirectX is geïnstalleerd.
    RP89: 20-2-2011 15:17:37 - DirectX is geïnstalleerd.
    RP90: 20-2-2011 23:40:35 - DirectX is geïnstalleerd.
    RP91: 23-2-2011 13:15:46 - DirectX is geïnstalleerd.
    RP92: 23-2-2011 15:35:16 - Installed Razer Naga.
    RP93: 25-2-2011 21:58:37 - Removed Duty Calls.
    RP94: 26-2-2011 0:47:08 - DirectX is geïnstalleerd.
    RP95: 26-2-2011 0:47:30 - Installed NVIDIA PhysX
    RP96: 26-2-2011 0:48:35 - DirectX is geïnstalleerd.
    RP97: 26-2-2011 0:54:35 - Installed Windows Live ID Sign-in Assistant
    RP98: 26-2-2011 0:54:44 - Installed Microsoft Games for Windows - LIVE Redistributable
    RP99: 3-3-2011 16:49:44 - Installed Windows Media Format Runtime
    RP100: 3-3-2011 18:32:29 - Geïnstalleerd: iTunes
    RP101: 3-3-2011 18:40:20 - Verwijderd: Apple Mobile Device Support
    RP102: 3-3-2011 18:42:19 - Removed Apple Application Support
    RP103: 3-3-2011 18:52:42 - Verwijderd: Apple Software Update
    RP104: 3-3-2011 18:53:04 - Verwijderd: iTunes
    RP105: 3-3-2011 19:04:31 - Nero Multimedia Suite 10 verwijderd.
    RP106: 3-3-2011 19:46:13 - Removed LG PC Suite II
    RP107: 3-3-2011 19:46:46 - Verwijderd LG USB Modem driver
    RP108: 3-3-2011 20:35:35 - Removed Half-Life(R) 2
    RP109: 4-3-2011 8:31:44 - Printerstuurprogramma Microsoft XPS Document W is geïnstalleerd
    RP110: 5-3-2011 22:04:21 - DirectX is geïnstalleerd.
    RP111: 5-3-2011 22:28:32 - DirectX is geïnstalleerd.
    RP112: 5-3-2011 22:29:19 - Installed Windows Media Format Runtime
    RP113: 6-3-2011 11:51:30 - DirectX is geïnstalleerd.
    RP114: 8-3-2011 13:49:36 - DirectX is geïnstalleerd.
    RP115: 10-3-2011 0:15:16 - DirectX is geïnstalleerd.
    RP116: 14-3-2011 16:12:10 - Avg Update
    RP117: 14-3-2011 16:12:53 - Avg Update
    RP118: 29-3-2011 13:13:38 - DirectX is geïnstalleerd.
    RP119: 10-4-2011 19:53:51 - Geïnstalleerd Mumble 1.2.3
    RP120: 6-5-2011 10:14:36 - Avg Update
    RP121: 10-5-2011 10:14:46 - Avg Update
    RP122: 12-5-2011 10:06:11 - Avg Update
    RP123: 21-5-2011 17:22:39 - Installed The Witcher 2
    RP124: 30-5-2011 16:42:33 - DirectX is geïnstalleerd.
    RP125: 30-5-2011 16:43:26 - Configured Ubisoft Game Launcher
    RP126: 3-6-2011 10:56:02 - DirectX is geïnstalleerd.
    RP127: 7-6-2011 14:59:44 - Installed ProductName from default.wxl
    RP128: 9-6-2011 13:21:56 - Geïnstalleerd AVG 2011
    RP129: 9-6-2011 13:23:14 - Removed AVG Free 9.0
    RP130: 9-6-2011 13:23:36 - Geïnstalleerd AVG 2011
    RP131: 9-6-2011 13:48:50 - Verwijderd AVG 2011
    RP132: 9-6-2011 13:49:39 - Verwijderd AVG 2011
    RP133: 9-6-2011 14:04:42 - Software Distribution Service 3.0
    RP134: 9-6-2011 14:09:54 - Verwijderd: Bonjour
    RP135: 9-6-2011 14:12:54 - Removed Command & Conquer™ 4 Tiberian Twilight
    RP136: 9-6-2011 14:14:08 - Removed Dragon Age II
    RP137: 9-6-2011 14:15:10 - Removed Far Cry 2
    RP138: 9-6-2011 14:16:23 - Removed GPGNet
    RP139: 9-6-2011 14:17:03 - Removed MagicTune Premium
    RP140: 9-6-2011 14:27:02 - Removed Quake Live Mozilla Plugin
    RP141: 9-6-2011 14:29:10 - Removed Supreme Commander (TM)
    RP142: 9-6-2011 14:56:10 - Removed LightScribe System Software.
    RP143: 10-6-2011 9:16:34 - Software Distribution Service 3.0
    RP144: 11-6-2011 9:20:23 - Software Distribution Service 3.0
    RP145: 11-6-2011 9:49:15 - Software Distribution Service 3.0
    RP146: 1-1-2002 7:40:58 - Software Distribution Service 3.0
    RP147: 15-6-2011 8:16:21 - Software Distribution Service 3.0
    RP148: 16-6-2011 9:37:10 - Software Distribution Service 3.0
    RP149: 17-6-2011 10:22:00 - Software Distribution Service 3.0
    RP150: 18-6-2011 10:36:30 - Software Distribution Service 3.0
    RP151: 18-6-2011 13:18:56 - Removed Adobe Reader 9.3 - Nederlands.
    RP152: 18-6-2011 13:20:26 - Removed Java(TM) 6 Update 21
    RP153: 18-6-2011 13:23:28 - Removed Java(TM) 6 Update 21
    RP154: 18-6-2011 13:27:19 - Installed Java(TM) 6 Update 26
    .
    ==== Installed Programs ======================
    .
    Aangifte inkomstenbelasting 2007
    Aangifte inkomstenbelasting 2008
    Aangifte inkomstenbelasting 2009
    ABC Amber ePub Converter
    ABC Amber LIT Converter
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    AMD APP SDK Runtime
    Application Profiles
    Assassin's Creed
    Assassin's Creed II
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI MCE Encoder
    ATI Problem Report Wizard
    µTorrent
    Battlefield: Bad Company™ 2
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2497640)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2510581)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982665)
    Borderlands
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-utility
    CCC Help English
    ContentSAFER for Wizmax
    Core Temp version 0.99.8
    CPUID CPU-Z 1.55
    Creative Centrale
    Creative Software Update
    Creative ZEN X-Fi-Gebruikershandleiding
    Crysis® 2
    DAEMON Tools Toolbar
    DirectX10 LV (Last Version)
    DirectX10 RC2 Pre Fix 3
    DivX Setup
    Dragon Age II
    Dragon Age: Origins - Ultimate Edition
    eReg
    Find and Mount 2.3
    Fraps (remove only)
    GIMP 2.6.11
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB942288-v3)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    HydraVision
    IconPackager
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 26
    Logitech GamePanel Software 3.04.137
    Malwarebytes' Anti-Malware versie 1.51.0.1200
    Mass Effect
    Mass Effect 2
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Dutch Language Pack
    Microsoft .NET Framework 3.0 Nederlands taalpakket
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Antimalware Service NL-NL Language Pack
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Security Client
    Microsoft Security Client NL-NL Language Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox (3.6.17)
    MSXML 6.0 Parser (KB925673)
    MultiRes (remove only)
    Mumble 1.2.3
    MyFreeCodec
    Notepad++
    NVIDIA PhysX
    OpenAL
    OpenOffice.org 3.2
    PCI Audio Driver
    Philips Songbird
    PunkBuster Services
    Radeon Omega Drivers v4.8.442 Setup Files and Tools
    Razer Naga
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Red Faction II
    Red Faction: Guerrilla
    Riva FLV Encoder 2.0
    Samsung Media Studio 5
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    StarCraft II
    Supreme Commander 2
    Switch Sound File Converter
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    TeamSpeak 3 Client
    The Witcher 2
    Tom Clancy's Rainbow Six: Vegas 2
    Tom Clancy's Splinter Cell Conviction
    Tom Clancy's Splinter Cell: Double Agent
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows XP (KB898461)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Ventrilo Client
    Verzoek of wijziging voorlopige aanslag 2009
    VLC media player 1.0.5
    Warhammer® 40,000™: Dawn of War® II
    WebFldrs XP
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (NLD)
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    Xvid Video Codec
    ZEN V Series Media Explorer
    .
    ==== End Of File ===========================
     
  11. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    Right, that's everything. Sorry for the huge pile of posts; I had to copy, cut and paste to get the posts as close as possible to the 50K limit.

    MBAM keeps blocking remote access (or rather, my PC is trying to contact an outside IP); it happens every 15 minutes or so. I can note down the IP if needed. Thanks in advance for any help.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  13. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    aswMBR file:

    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-18 21:13:34
    -----------------------------
    21:13:34.140 OS Version: Windows 5.1.2600 Service Pack 3
    21:13:34.140 Number of processors: 2 586 0x170A
    21:13:34.140 ComputerName: LENNART UserName:
    21:13:35.078 Initialize success
    21:13:43.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
    21:13:43.500 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01108 Size: 610480MB BusType: 3
    21:13:43.500 Disk 0 MBR read error 0
    21:13:43.515 Disk 0 MBR scan
    21:13:43.515 Disk 0 unknown MBR code
    21:13:43.515 MBR BIOS signature not found 0
    21:13:43.515 Disk 0 scanning sectors +1250258624
    21:13:43.515 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:13:46.171 Service scanning
    21:13:47.453 Disk 0 trace - called modules:
    21:13:47.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8acc85f0]<<
    21:13:47.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae52ab8]
    21:13:47.453 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8aefc198]
    21:13:47.468 5 ACPI.sys[b9e53620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8ae55d98]
    21:13:47.796 Scan finished successfully
    21:14:07.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lennart de Groot\MBR.dat"
    21:14:07.890 The log file has been saved successfully to "C:\Documents and Settings\Lennart de Groot\aswMBR.txt"
    21:17:06.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat"
    21:17:06.281 The log file has been saved successfully to "C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.txt"

    ============

    Rootkit Unhooker:

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB95DA000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6868992 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xACD35000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6168576 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0xBF25F000 C:\WINDOWS\System32\ati3duag.dll 4018176 bytes (ATI Technologies Inc. , ati3duag.dll)
    0xBF9C6000 C:\WINDOWS\System32\ativvaxx.dll 3268608 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, NT-kernel & -systeem)
    0x804D7000 PnpManager 2158592 bytes
    0x804D7000 RAW 2158592 bytes
    0x804D7000 WMIxWDM 2158592 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32-stuurprogramma)
    0xB9E94000 PCI_PNP5400 1126400 bytes
    0xB9E94000 sptd.sys 1126400 bytes
    0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 851968 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xBF130000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xB9CF6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xBF1DF000 C:\WINDOWS\System32\atiok3x2.dll 524288 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
    0xAC9C3000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xACA87000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB93A1000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xACC32000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA9F06000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes
    0xA8A4B000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xBF634000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xA8497000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB951F000 C:\WINDOWS\System32\Drivers\ayu81ieq.SYS 229376 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB93FF000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9E4D000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-stuurprogramma voor NT)
    0xA8BBB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9CC9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xA5776000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xACAF7000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB959E000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xACC0A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xACCBE000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0xB9DF7000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT-schijfbeheer I/O-stuurprogramma)
    0xACBE4000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xA8EDD000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xAD317000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB957A000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB9557000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA8618000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
    0xACBC2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E6000 ACPI_HAL 134400 bytes
    0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9DBF000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9E1D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-schijfstuurprogramma)
    0xAD33B000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
    0xB9CAF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xACA34000 C:\WINDOWS\system32\DRIVERS\RzSynapse.sys 106496 bytes (Razer USA Ltd, Razer Synapse Engine)
    0xA55F5000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\uxrdapob.sys 102400 bytes
    0xB9DDF000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xAC9AB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9E7C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9D96000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB9508000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA9929000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB95C6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xACC8B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB9D83000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xA9F5F000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9DAD000 sr.sys 73728 bytes (Microsoft Corporation, Stuurprogramma voor systeemherstel)
    0xB9E3C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug en Play PCI-enumerator)
    0xB942F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xACA4E000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
    0xA9081000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA288000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA2A8000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBA2B8000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Stuurprogramma voor serieel apparaat)
    0xBA1F8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xBA188000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA298000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter-stuurprogramma)
    0xA9C0E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA248000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
    0xBA198000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA0B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA0E8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy-stuurprogramma)
    0xB94F8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0xBA108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA2C8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA2E8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xA81F7000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xBA208000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Cryptografisch FIPS-stuurprogramma)
    0xBA278000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA2D8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA258000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorstuurprogramm)
    0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, Stuurprogramma voor PNP ISA-bus)
    0xBA318000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA308000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xA82EF000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA268000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xA8883000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
    0xBA2F8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA1D8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xBA1C8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA340000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA3C8000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBA480000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA448000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Stuurprogramma voor verschillende toetsenbordtypen)
    0xBA4B0000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA3B8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA450000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Stuurprogramma voor muistypen)
    0xBA3F8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A051BF8-968F-4308-8B02-A249D09807BF}\MpKsl25b5d496.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0xBA4A8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys 24576 bytes
    0xBA3E8000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
    0xBA3A0000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA468000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA438000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA440000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA3C0000 C:\WINDOWS\System32\DRIVERS\RTL8029.SYS 20480 bytes (Realtek Semiconductor Corporation, NDIS 5.0 driver)
    0xBA430000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA380000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBA544000 C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys 16384 bytes
    0xA8E71000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
    0xACD0D000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID mouse filter driver)
    0xBA5A0000 C:\WINDOWS\system32\drivers\LGBusEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
    0xA8F51000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xBA59C000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xA9CC6000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA570000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xACD05000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xACD19000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xACD15000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID mouse filter driver)
    0xBA580000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB9389000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA5F4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5E8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5BE000 C:\WINDOWS\system32\drivers\LGVirHid.sys 8192 bytes (Logitech Inc., Logitech GamePanel Virtual Hid Device Driver)
    0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5CA000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5D6000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA7D7000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA7C6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA74D000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xBA712000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8AEFE1F8 unknown_irp_handler 3592 bytes
    0x8A0341F8 unknown_irp_handler 3592 bytes
    0x8A59F1F8 unknown_irp_handler 3592 bytes
    0x89EFC1F8 unknown_irp_handler 3592 bytes
    0x8ACBA430 unknown_irp_handler 3024 bytes
    0x8ACBF430 unknown_irp_handler 3024 bytes
    0x8ACA1430 unknown_irp_handler 3024 bytes
    0x8ACC7430 unknown_irp_handler 3024 bytes
    0x8ACBD430 unknown_irp_handler 3024 bytes
    0x8AC70430 unknown_irp_handler 3024 bytes
    ==============================================
    >Stealth
    ==============================================
    0x8A549AFE Unknown page with executable code, 1282 bytes
    0x8A557AC4 Unknown page with executable code, 1340 bytes
    0x8A54A54E Unknown page with executable code, 2738 bytes
    0x8A54B502 Unknown page with executable code, 2814 bytes
    0x8A54A33B Unknown page with executable code, 3269 bytes
    0x8A535E9A Unknown page with executable code, 358 bytes
    0x8A515194 Unknown page with executable code, 3692 bytes
    0x8A53605F Unknown page with executable code, 4001 bytes
    0x8A54CDAE Unknown page with executable code, 594 bytes
    WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
     
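Added example, not part of Domiro's post or of the scanner's output: a small Python triage pass over a module list in the format above. It flags loaded kernel modules that carry no vendor string or were loaded from outside %SystemRoot%, counts the unknown IRP handlers, and collects the Stealth section. Two caveats a responder would apply before reading the "POSSIBLE ROOTKIT ACTIVITY" line as a verdict: sptd.sys is the SCSI Pass Through Direct driver installed by DAEMON Tools (listed as an autorun and as an R0 service further down this thread) and it blocks read access to itself by design, so the "File locked for read access" warning and unknown executable pages are routinely seen on machines that have it; and mbr.sys in the user's Temp folder is, I assume, the MBR scanner's own driver dropped during the scan. The EXPLAINED patterns and the sample selection below are my assumptions; the sample lines are copied from the scan above.

```python
import re

# Constructed sample: a subset of lines copied from the scan above in the
# tool's own format (the selection is mine; it is not the full log).
SAMPLE_SCAN = r"""
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA4B0000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA3F8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A051BF8-968F-4308-8B02-A249D09807BF}\MpKsl25b5d496.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA544000 C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys 16384 bytes
0xBA5F4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0x8AEFE1F8 unknown_irp_handler 3592 bytes
0x8ACBA430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
0x8A549AFE Unknown page with executable code, 1282 bytes
0x8A557AC4 Unknown page with executable code, 1340 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
"""

MODULE = re.compile(r'^0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes'
                    r'(?:\s+\((?P<vendor>.*)\))?$')
STEALTH_PAGE = re.compile(r'^0x[0-9A-Fa-f]+\s+Unknown page with executable code,\s+(?P<size>\d+)\s+bytes$')
LOCKED = re.compile(r'^WARNING: File locked for read access \[(?P<path>.+)\]$')

# Patterns this responder treats as explained (assumptions, not tool output):
# the MBR scanner's own driver dropped in %TEMP%, MSE's definition-update
# driver, and the crash-dump copies Windows keeps of storage-stack drivers.
EXPLAINED = [
    (re.compile(r'\\temp\\mbr\.sys$', re.I), "MBR scanner's own driver (assumed)"),
    (re.compile(r'\\microsoft antimalware\\definition updates\\.*\\mpksl[0-9a-f]+\.sys$', re.I),
     'Microsoft Security Essentials definition-update driver'),
    (re.compile(r'\\dump_[^\\]+$', re.I), 'crash-dump copy of a storage-stack driver'),
]


def module_reasons(path, vendor):
    """Why a loaded kernel module deserves a second look (heuristics)."""
    reasons = []
    if vendor is None:
        reasons.append('no vendor/description string')
    if '\\' in path and not path.lower().startswith('c:\\windows\\'):
        reasons.append('loaded from outside %SystemRoot%')
    return reasons


def explanation_for(path):
    for pattern, why in EXPLAINED:
        if pattern.search(path):
            return why
    return None


def triage_scan(text):
    """Parse the module list and return flagged modules plus the Stealth data."""
    report = {'flagged': [], 'irp_handlers': 0, 'stealth_pages': [], 'locked': []}
    for raw in text.splitlines():
        line = raw.strip()
        m = STEALTH_PAGE.match(line)          # must be tested before MODULE
        if m:
            report['stealth_pages'].append(int(m.group('size')))
            continue
        m = LOCKED.match(line)
        if m:
            report['locked'].append(m.group('path'))
            continue
        m = MODULE.match(line)
        if not m:
            continue
        path = m.group('path')
        if path == 'unknown_irp_handler':
            report['irp_handlers'] += 1
            continue
        reasons = module_reasons(path, m.group('vendor'))
        if reasons:
            report['flagged'].append((path, reasons, explanation_for(path)))
    return report


if __name__ == '__main__':
    r = triage_scan(SAMPLE_SCAN)
    for path, reasons, why in r['flagged']:
        print(('explained' if why else 'REVIEW   '), path)
        print('    ' + '; '.join(reasons) + ('  -> ' + why if why else ''))
    print('unknown IRP handlers: %d, stealth pages: %d, locked files: %s'
          % (r['irp_handlers'], len(r['stealth_pages']), r['locked']))
```

On the sample this leaves one unexplained entry, atitray.sys, and the path itself names its source (the ATI Tray Tools install). None of this clears or convicts the machine; it only separates noise from the entries that still need an answer, which is the right frame for a scan whose loudest warnings come from a copy-protection-style driver.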
  14. Broni

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
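Broni asks for C:\ComboFix.txt. The two sections of that log a responder reads first are the registry startup points (the Run keys) and the firewall exceptions, because that is where a banking trojan's persistence and its holes in the host firewall show up. As an added example (not from the thread, from Broni, or from ComboFix itself), here is a Python triage pass over those sections. The sample lines are constructed in ComboFix's log format using entries that appear in the log Domiro posts next; the heuristics are my assumptions: a Run value whose name is a long upper-case alphanumeric string, a binary in a random folder directly under the drive root, an executable with a hex-looking name, globally opened ports with a generic description or in the ephemeral range, and RDP opened to every host.

```python
import re

# Constructed sample in ComboFix's log format. The entries are copied from
# the ComboFix.txt posted later in this thread; the selection is mine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"9D6UWFXE7G3B9C5XVFXSSCNBM"="c:\sdjafsdjfsd\279A3E880B7.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1410:TCP"= 1410:TCP:Akamai NetSession Interface
.
"""

SECTION = re.compile(r'^\[(?P<key>.+)\]$')
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?\s*$')
PORT_ENTRY = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')

# Heuristics (assumptions, not ComboFix rules). A long upper-case alphanumeric
# value name and a binary in a random folder under the drive root is the
# shape of the HKCU\...\Run entry in this thread's log.
RANDOM_NAME = re.compile(r'^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{16,}$')
HEX_BASENAME = re.compile(r'^[0-9A-F]{8,}\.exe$', re.I)
NORMAL_TOP_DIRS = {'windows', 'program files', 'documents and settings', 'games'}
GENERIC_PORT_DESCS = {'services', 'service', 'svchost', 'windows'}


def run_entry_reasons(name, path):
    """Why an autorun value deserves a second look; empty list means nothing odd."""
    reasons = []
    if RANDOM_NAME.match(name):
        reasons.append('random value name')
    parts = [p for p in path.lower().replace('/', '\\').split('\\') if p]
    # drive, one folder, file  ->  e.g. c:\sdjafsdjfsd\279A3E880B7.exe
    if len(parts) == 3 and parts[1] not in NORMAL_TOP_DIRS:
        reasons.append('binary in unusual top-level folder %s' % parts[1])
    if parts and HEX_BASENAME.match(parts[-1]):
        reasons.append('hex-like executable name')
    return reasons


def port_reasons(port, proto, desc):
    """Why a globally opened firewall port deserves a second look."""
    reasons = []
    if port == 3389 and proto == 'TCP':
        reasons.append('RDP open to all hosts')
    if desc.strip().lower() in GENERIC_PORT_DESCS:
        reasons.append('generic description %r' % desc.strip())
    if port >= 49152:
        reasons.append('ephemeral-range port opened globally')
    return reasons


def triage(log_text):
    """Return (section, name, target, reasons) for every entry with a finding."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group('key')
            continue
        if section is None or not line.startswith('"'):
            continue
        if section.lower().endswith('\\run'):
            m = RUN_ENTRY.match(line)
            if m:
                reasons = run_entry_reasons(m.group('name'), m.group('path'))
                if reasons:
                    findings.append((section, m.group('name'), m.group('path'), reasons))
        elif section.lower().endswith('globallyopenports\\list'):
            m = PORT_ENTRY.match(line)
            if m:
                port, proto = int(m.group('port')), m.group('proto')
                reasons = port_reasons(port, proto, m.group('desc'))
                if reasons:
                    findings.append((section, '%d:%s' % (port, proto),
                                     m.group('desc').strip(), reasons))
    return findings


if __name__ == '__main__':
    for section, name, target, reasons in triage(SAMPLE_LOG):
        print('%-18s %-28s %s' % (section.split('\\')[0], name, target))
        for r in reasons:
            print('    - ' + r)
```

The point of the "[BU]" and missing-date markers ComboFix prints is left to ComboFix; the script only ranks what to look at. A responder would then check whether the flagged folder still exists and whether the firewall exceptions were added by a user or by the same malware, and remove the RDP exception unless it is wanted.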
  15. Domiro

    Right, I had some trouble with this step. I downloaded ComboFix, shut down the anti-virus and anti-malware apps and closed all remaining apps including Firefox. I double-clicked it and allowed ComboFix to update itself as described.

    A prompt appeared stating that it was creating a recovery point. After this the PC went into a blue screen (it didn't look like a BSOD), stating that a hardware issue had arisen and that if the problem persisted I was to boot into safe mode.

    The PC rebooted; I checked for the ComboFix.txt file, yet nothing was there. I let ComboFix run again; now it started scanning, finished and stated it was creating a log file. An Explorer.exe error appeared and nothing happened for several minutes. After that I rebooted manually and ran ComboFix for the final time (at this point I was doubting whether I should run it in safe mode, as technically the app runs). It scanned, created a log and finished.

    My quote button works fine again (it double-quoted for whatever reason), some settings have changed (the way Explorer looks, etc.) and Firefox wasn't the default browser anymore (which I believe is normal).

    As stated in the guide, I didn't touch the ComboFix screen unless prompted, didn't open my browser, and just left the PC alone.

    ComboFix text log below


    ComboFix 11-06-17.04 - Lennart de Groot 18-06-2011 22:32:06.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2609 [GMT 2:00]
    Started from: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\OpenOffice.org 2.3 .lnk
    c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk
    c:\windows\system32\muzapp.exe
    E:\install.exe
    .
    .
    (((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 20:28 . 2011-06-18 20:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-06-18 20:28 . 2011-06-18 20:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-06-18 20:28 . 2011-06-18 20:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-06-18 20:28 . 2011-06-18 20:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-06-18 20:27 . 2011-06-18 20:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-06-18 20:27 . 2011-06-18 20:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-06-18 20:27 . 2011-06-18 20:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-06-18 20:27 . 2011-06-18 20:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-06-18 20:27 . 2011-06-18 20:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
    2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-18 08:36 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A051BF8-968F-4308-8B02-A249D09807BF}\mpengine.dll
    2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
    2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
    2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
    2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
    2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
    2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
    2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
    2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
    2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
    2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
    2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
    2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
    2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
    .
    .
    ((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    "Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
    "9D6UWFXE7G3B9C5XVFXSSCNBM"="c:\sdjafsdjfsd\279A3E880B7.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
    "Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
    ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
    "f:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "f:\\Games\\Steam\\steam.exe"=
    "f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
    "f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
    "c:\\Program Files\\Mumble\\mumble.exe"=
    "c:\\Program Files\\Mumble\\mumble11x.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
    "e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:WoW Downloader 6112
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "25565:TCP"= 25565:TCP:Minecraft
    "25566:TCP"= 25566:TCP:Minecraft2
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "1410:TCP"= 1410:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
    R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
    R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
    S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
    S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
    S3 BlackBox;BlackBox SR2; [x]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
    S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
    S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
    .
    2011-06-18 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
    .
    .
    ------- Bijkomende Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
    FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    ------- Bestandsassociaties -------
    .
    vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    HKCU-Run-8F6X5AZYZI4D5CZIRBQOCJIUI - c:\sadoahskudh\sadoahskudh.exe
    HKCU-Run-9D6UWFXE7G3B9C5XVFXSSCNBM - c:\sdjafsdjfsd\279A3E880B7.exe
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
    AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe
    AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 22:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    9E6XYH0W0DYH3C2EMRAC = c:\iduhsfuisdf\28ED27230B7.exe /q
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9E6XYH0W0DYH3C2EMRAC"="c:\\iduhsfuisdf\\28ED27230B7.exe /q"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
    5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
    "rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(640)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(1636)
    c:\program files\ATI Technologies\HydraVision\HydraGH.dll
    c:\windows\system32\msi.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
    .
    Voltooingstijd: 2011-06-18 22:37:57
    ComboFix-quarantined-files.txt 2011-06-18 20:37
    .
    Pre-Run: 46.408.261.632 bytes beschikbaar
    Post-Run: 46.362.284.032 bytes beschikbaar
    .
    - - End Of File - - FC96521BD99A8BEB9C767BE817A498B2
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\xcpip.sys
    c:\windows\system32\drivers\xpsec.sys
    
    
    Folder::
    c:\sdjafsdjfsd
    
    Driver::
    xcpip
    xpsec
    BlackBox
    
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9D6UWFXE7G3B9C5XVFXSSCNBM"=-
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    9E6XYH0W0DYH3C2EMRAC =-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
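Broni's CFScript removes the Run values by hand-picked name. As an added example (not code from the thread, from ComboFix, or from the helper), the Python below applies the same judgement mechanically to ComboFix log lines: it flags autostart entries whose value name is random-looking and whose target is a hex-named executable in an unknown folder directly under the drive root, then renders the matching `Registry::` section in the CFScript format shown in the post. The heuristics, the known-folder list and the sample lines (constructed from this thread's log excerpts) are assumptions.

```python
"""Triage autostart entries in a ComboFix log and draft matching CFScript lines.

Added example for this thread, not ComboFix's or the forum helper's own code.
Heuristics and the known-folder list are assumptions; sample lines are
constructed from the log excerpts posted in the thread."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of ComboFix's "Reg Opstartpunten" (REGEDIT4)
# and "ORPHANS VERWIJDERD" sections.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"9E6XYH0W0DYH3C2EMRAC"="c:\iduhsfuisdf\28ED27230B7.exe /q"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-9D6UWFXE7G3B9C5XVFXSSCNBM - c:\sdjafsdjfsd\279A3E880B7.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r"^HK(?P<hive>CU|LM)-Run-(?P<name>.+?) - (?P<cmd>.+)$")
PATH_RE = re.compile(r"^(?P<path>[a-z]:\\.*?\.exe)(?:\s|$)", re.I)
RANDOM_NAME_RE = re.compile(r"[A-Z0-9]{12,}")      # e.g. 9E6XYH0W0DYH3C2EMRAC
HEX_FILE_RE = re.compile(r"[0-9A-F]{8,}\.exe", re.I)  # e.g. 28ED27230B7.exe

# Assumption: folders a legitimate single-level path under a drive root may use.
KNOWN_ROOT_FOLDERS = {"program files", "program files (x86)", "windows", "games"}
HIVES = {"CU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
         "LM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
MIN_REASONS = 2  # flag only when two independent signals agree


@dataclass
class Finding:
    key: str
    name: str
    cmd: str
    reasons: list


def suspicion_reasons(name, cmd, meta):
    """Return the heuristic signals that fire for one autostart entry."""
    reasons = []
    if (RANDOM_NAME_RE.fullmatch(name) and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name)):
        reasons.append("random-looking value name")
    path_match = PATH_RE.match(cmd)
    if path_match:
        parts = path_match["path"].split("\\")  # ['c:', 'iduhsfuisdf', '28ED27230B7.exe']
        if len(parts) == 3 and parts[1].lower() not in KNOWN_ROOT_FOLDERS:
            reasons.append("executable in an unknown folder directly under the drive root")
        if HEX_FILE_RE.fullmatch(parts[-1]):
            reasons.append("hex-looking executable name")
    if meta is None:  # ComboFix printed no [date size] for the target file
        reasons.append("no [date size] shown for the target")
    return reasons


def scan_log(text):
    """Parse REGEDIT4-style Run values and HKxx-Run- orphan lines; return flagged entries."""
    findings, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match["key"]
            continue
        value_match = VALUE_RE.match(line)
        orphan_match = ORPHAN_RE.match(line)
        if value_match and current_key:
            key, name, cmd, meta = current_key, value_match["name"], value_match["cmd"], value_match["meta"]
        elif orphan_match:
            # Orphan lines never carry [date size]; mark that signal as not applicable.
            key, name, cmd, meta = HIVES[orphan_match["hive"]], orphan_match["name"], orphan_match["cmd"], "n/a"
        else:
            continue
        reasons = suspicion_reasons(name, cmd, meta)
        if len(reasons) >= MIN_REASONS:
            findings.append(Finding(key, name, cmd, reasons))
    return findings


def cfscript_registry_block(findings):
    """Render a CFScript 'Registry::' section that deletes each flagged value ("name"=-)."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.name}: {h.cmd}\n  " + "; ".join(h.reasons))
    print(cfscript_registry_block(hits))
```

The generated block is a draft for review, not a replacement for reading the log; a legitimate installer that happens to use a short root-level folder would still need a human to clear it.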
     
  17. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    ComboFix 11-06-17.04 - Lennart de Groot 18-06-2011 23:39:12.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2511 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Lennart de Groot\Bureaublad\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\windows\system32\drivers\xcpip.sys"
    "c:\windows\system32\drivers\xpsec.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\sdjafsdjfsd
    c:\sdjafsdjfsd\857C612CCE06AB4
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BLACKBOX
    -------\Service_BlackBox
    -------\Service_xcpip
    -------\Service_xpsec
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 20:47 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\mpengine.dll
    2011-06-18 20:28 . 2011-06-18 20:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-06-18 20:28 . 2011-06-18 20:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-06-18 20:28 . 2011-06-18 20:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-06-18 20:28 . 2011-06-18 20:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-06-18 20:28 . 2011-06-18 20:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-06-18 20:28 . 2011-06-18 20:28 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-06-18 20:27 . 2011-06-18 20:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-06-18 20:27 . 2011-06-18 20:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-06-18 20:27 . 2011-06-18 20:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-06-18 20:27 . 2011-06-18 20:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-06-18 20:27 . 2011-06-18 20:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
    2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
    2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
    2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
    2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
    2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
    2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
    2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
    2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
    2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
    2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
    2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
    2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
    2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-18_20.36.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_f58.dat
    + 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    "Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
    "Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
    ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
    "f:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "f:\\Games\\Steam\\steam.exe"=
    "f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
    "f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
    "c:\\Program Files\\Mumble\\mumble.exe"=
    "c:\\Program Files\\Mumble\\mumble11x.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
    "e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:WoW Downloader 6112
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "25565:TCP"= 25565:TCP:Minecraft
    "25566:TCP"= 25566:TCP:Minecraft2
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "1040:TCP"= 1040:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
    R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
    R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
    S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
    S1 MpKsl3f8316a1;MpKsl3f8316a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys [?]
    S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
    S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
    S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
    .
    2011-06-18 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
    .
    .
    ------- Bijkomende Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
    FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 23:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwEnumerateValueKey, ZwQueryDirectoryFile
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    9E6XYH0W0DYH3C2EMRAC = c:\iduhsfuisdf\28ED27230B7.exe /q
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9E6XYH0W0DYH3C2EMRAC"="c:\\iduhsfuisdf\\28ED27230B7.exe /q"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
    5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
    "rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(420)
    c:\program files\ATI Technologies\HydraVision\HydraGH.dll
    c:\windows\system32\msi.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\Mixer.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Creative\Shared Files\CTDevSrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-18 23:46:29 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-18 21:46
    ComboFix2.txt 2011-06-18 20:37
    .
    Pre-Run: 46.353.330.176 bytes beschikbaar
    Post-Run: 46.269.267.968 bytes beschikbaar
    .
    - - End Of File - - A16422EDC3DCEDA2CF8FD0D5F9F3FE24
     
  18. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    How is the redirection?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Registry::
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    9E6XYH0W0DYH3C2EMRAC =-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9E6XYH0W0DYH3C2EMRAC"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    ComboFix 11-06-17.04 - Lennart de Groot 19-06-2011 0:16.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2601 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Lennart de Groot\Bureaublad\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 21:45 . 2011-06-18 21:45 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-06-18 21:45 . 2011-06-18 21:45 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-06-18 21:45 . 2011-06-18 21:45 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-06-18 21:45 . 2011-06-18 21:45 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-06-18 21:45 . 2011-06-18 21:45 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-06-18 21:45 . 2011-06-18 21:45 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-06-18 21:45 . 2011-06-18 21:45 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-06-18 21:45 . 2011-06-18 21:45 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-06-18 21:45 . 2011-06-18 21:45 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-06-18 21:45 . 2011-06-18 21:45 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-06-18 21:45 . 2011-06-18 21:45 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-06-18 21:45 . 2011-06-18 21:45 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-06-18 21:44 . 2011-06-18 21:44 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-06-18 21:44 . 2011-06-18 21:44 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-06-18 21:44 . 2011-06-18 21:44 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-06-18 21:44 . 2011-06-18 21:44 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-06-18 21:44 . 2011-06-18 21:44 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-06-18 20:47 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\mpengine.dll
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
    2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
    2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
    2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
    2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
    2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
    2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
    2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
    2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
    2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
    2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
    2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
    2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
    2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
    2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
    2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-18_20.36.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_f58.dat
    + 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
    "SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
    "Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
    "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
    "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
    "Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
    "Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
    ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
    "f:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "f:\\Games\\Steam\\steam.exe"=
    "f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
    "f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
    "f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
    "c:\\Program Files\\Mumble\\mumble.exe"=
    "c:\\Program Files\\Mumble\\mumble11x.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
    "e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
    "f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6112:TCP"= 6112:TCP:WoW Downloader 6112
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "25565:TCP"= 25565:TCP:Minecraft
    "25566:TCP"= 25566:TCP:Minecraft2
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2015:TCP"= 2015:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
    R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
    R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
    R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
    S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
    S1 MpKsl3f8316a1;MpKsl3f8316a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys [?]
    S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
    S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
    S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
    S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
    .
    2011-06-18 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
    .
    .
    ------- Bijkomende Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
    FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-19 00:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
    5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
    "rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(852)
    c:\program files\ATI Technologies\HydraVision\HydraGH.dll
    c:\windows\system32\msi.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2011-06-19 00:20:47
    ComboFix-quarantined-files.txt 2011-06-18 22:20
    ComboFix2.txt 2011-06-18 21:46
    ComboFix3.txt 2011-06-18 20:37
    .
    Pre-Run: 46.289.944.576 bytes beschikbaar
    Post-Run: 46.273.019.904 bytes beschikbaar
    .
    - - End Of File - - FFA2359C866DA69AF38B6033C98E4577
     
  20. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Well done :)

    You didn't say:
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    After having ComboFix run for the first time, redirection went fine. After having it run with the added notepad files, Google redirects to other sites again. It runs smoother though, boots up quicker, and some minor things (like the double quote issue) are resolved.


    Log:

    OTL logfile created on: 19-6-2011 0:34:20 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lennart de Groot\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,33% Memory free
    5,09 Gb Paging File | 4,28 Gb Available in Paging File | 84,04% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128,00 Gb Total Space | 43,12 Gb Free Space | 33,69% Space Free | Partition Type: NTFS
    Drive D: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 195,30 Gb Total Space | 79,38 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
    Drive F: | 272,87 Gb Total Space | 55,73 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

    Computer Name: LENNART | User Name: Lennart de Groot | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
    PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011-04-30 13:52:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011-02-25 22:56:44 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\Games\Steam\steam.exe
    PRC - [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010-04-06 19:21:22 | 000,385,024 | ---- | M] () -- C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
    PRC - [2009-12-10 10:27:26 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    PRC - [2009-12-10 10:25:16 | 003,203,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    PRC - [2009-12-10 10:00:42 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
    PRC - [2008-04-14 22:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-05-30 14:52:32 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    PRC - [2007-04-02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2003-03-20 09:21:00 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
    MOD - [2010-08-23 18:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010-04-06 19:21:12 | 000,241,664 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraGH.dll
    MOD - [2009-08-29 18:09:14 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.dll
    MOD - [2008-05-15 16:12:33 | 000,065,536 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011-06-16 09:12:28 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
    SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011-03-06 01:51:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
    SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008-05-21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2007-04-02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011-04-20 04:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010-12-16 10:23:14 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
    DRV - [2010-12-07 18:50:26 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010-07-09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
    DRV - [2010-04-07 01:42:12 | 000,095,232 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010-04-06 18:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010-03-18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010-03-18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010-03-18 11:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010-01-27 11:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
    DRV - [2009-12-21 20:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2009-12-21 20:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2009-11-23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
    DRV - [2009-11-23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007-11-05 09:55:04 | 000,017,952 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray)
    DRV - [2007-05-31 19:13:48 | 000,008,832 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\slicedisk.sys -- (slicedisk.sys)
    DRV - [2006-11-10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
    DRV - [2002-11-18 10:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
    DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
    DRV - [2001-08-17 22:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) NT-stuurprogramma voor Realtek RTL8029(AS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-789336058-616249376-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.volkskrant.nl"
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-18 19:46:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-18 13:19:02 | 000,000,000 | ---D | M]

    [2011-03-03 17:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Extensions
    [2011-03-03 17:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
    [2011-06-18 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions
    [2011-03-06 10:24:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2011-03-06 10:24:30 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
    [2011-03-06 10:24:29 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011-06-16 09:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\Access Privileges Test
    [2011-03-25 14:31:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\battlefieldplay4free@ea.com
    [2011-03-06 10:24:31 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\nasanightlaunch@example.com
    [2011-06-18 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010-07-09 13:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011-06-18 13:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011-06-18 13:27:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2002-01-01 08:55:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011-06-18 13:27:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010-12-10 21:13:35 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
    [2010-12-10 21:13:35 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
    [2010-12-10 21:13:35 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
    [2010-12-10 21:13:35 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
    [2010-12-10 21:13:35 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

    O1 HOSTS File: ([2011-06-18 23:42:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
    O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
    O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
    O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Steam] F:\games\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} http://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-04-10 21:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (5599091165757440)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011-06-19 00:32:38 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
    [2011-06-18 22:00:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011-06-18 21:57:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011-06-18 21:57:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011-06-18 21:57:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011-06-18 21:57:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011-06-18 21:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011-06-18 21:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011-06-18 21:52:06 | 004,130,419 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
    [2011-06-18 21:13:10 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
    [2011-06-18 13:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Systeembeheer
    [2011-06-18 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011-06-18 13:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011-06-18 13:09:55 | 012,557,920 | ---- | C] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
    [2011-06-18 11:57:43 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
    [2011-06-18 11:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\Malwarebytes
    [2011-06-18 11:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
    [2011-06-18 11:52:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-06-18 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011-06-18 11:50:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-06-18 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011-06-18 11:49:37 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
    [2011-06-18 11:48:51 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
    [2011-06-10 09:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2011-06-10 09:16:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2011-06-09 14:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2011-06-09 14:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011-06-09 13:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Nieuwe map
    [2011-06-09 13:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2011-06-09 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
    [2011-06-09 13:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011-06-09 13:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011-06-07 15:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Crysis2
    [2011-06-07 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Solidshield
    [2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011-05-30 16:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
    [2011-05-24 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\My Cheat Tables
    [2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Witcher 2
    [2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
    [2011-05-21 17:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\The Witcher 2
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
    [2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2011-06-18 23:42:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011-06-18 23:42:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011-06-18 21:52:37 | 004,130,419 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
    [2011-06-18 21:17:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
    [2011-06-18 21:14:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
    [2011-06-18 21:14:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
    [2011-06-18 21:13:11 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
    [2011-06-18 13:10:57 | 012,557,920 | ---- | M] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
    [2011-06-18 11:58:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
    [2011-06-18 11:52:41 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
    [2011-06-18 11:50:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
    [2011-06-18 11:49:40 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
    [2011-06-18 11:49:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
    [2011-06-18 10:15:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011-06-15 08:07:56 | 000,499,226 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2011-06-15 08:07:56 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011-06-15 08:07:56 | 000,086,256 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2011-06-15 08:07:56 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011-06-14 21:46:11 | 000,000,322 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
    [2011-06-14 21:45:26 | 000,001,287 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
    [2011-06-14 21:41:59 | 000,038,284 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
    [2011-06-10 11:47:54 | 004,261,556 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
    [2011-06-09 14:33:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
    [2011-06-09 14:02:00 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011-05-25 22:16:26 | 000,140,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-05-25 22:16:18 | 000,280,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
    [2011-05-25 22:11:26 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011-06-18 22:00:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011-06-18 22:00:49 | 000,261,936 | RHS- | C] () -- C:\cmldr
    [2011-06-18 21:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011-06-18 21:57:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011-06-18 21:57:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011-06-18 21:57:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011-06-18 21:57:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011-06-18 21:17:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
    [2011-06-18 21:14:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
    [2011-06-18 21:14:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
    [2011-06-18 11:52:41 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
    [2011-06-18 11:49:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
    [2011-06-14 21:46:10 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
    [2011-06-14 21:45:26 | 000,001,287 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
    [2011-06-14 21:41:59 | 000,038,284 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
    [2011-06-10 11:47:11 | 004,261,556 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
    [2011-06-09 14:06:32 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011-06-09 13:53:36 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011-03-03 18:57:56 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011-03-03 18:57:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011-02-28 02:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
    [2011-02-17 00:52:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
    [2011-02-17 00:52:23 | 000,728,858 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
    [2011-02-17 00:52:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
    [2011-02-17 00:52:23 | 000,003,054 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
    [2011-02-17 00:39:44 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
    [2011-02-17 00:28:39 | 000,124,931 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
    [2011-02-17 00:28:39 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
    [2011-02-17 00:28:38 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2011-02-17 00:28:38 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
    [2011-02-17 00:28:38 | 000,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2011-02-17 00:28:38 | 000,007,871 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
    [2010-11-04 20:01:05 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2010-11-04 20:01:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2010-11-04 20:01:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2010-11-04 20:01:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
    [2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2010-05-15 19:45:44 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010-05-01 09:09:50 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2010-04-12 16:21:38 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
    [2010-04-12 16:21:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010-04-12 15:06:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\atiamdag.dat
    [2010-04-12 09:59:02 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010-04-12 09:59:02 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Application Data\PnkBstrK.sys
    [2010-04-12 09:58:33 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010-04-12 09:58:32 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
    [2010-04-12 09:58:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010-04-12 08:39:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010-04-11 22:47:44 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-04-11 12:35:24 | 000,461,368 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2010-04-11 12:35:23 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2010-04-11 12:35:23 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2010-04-10 23:51:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010-04-10 23:51:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010-04-10 23:51:10 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010-04-10 23:51:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010-04-10 23:35:20 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010-04-10 23:33:34 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-04-10 22:38:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2010-04-10 22:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010-04-10 22:00:18 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2010-04-10 22:00:18 | 000,023,041 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [2010-04-10 22:00:18 | 000,018,442 | ---- | C] () -- C:\WINDOWS\cmijack.ini
    [2010-04-10 22:00:18 | 000,016,271 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
    [2010-04-10 22:00:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
    [2010-04-10 22:00:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
    [2010-04-10 21:44:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010-04-10 21:41:37 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006-11-10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
    [2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2001-09-07 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001-09-07 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001-09-07 14:00:00 | 000,499,226 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
    [2001-09-07 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001-09-07 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
    [2001-09-07 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001-09-07 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001-09-07 14:00:00 | 000,086,256 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
    [2001-09-07 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001-09-07 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001-09-07 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
    [2001-09-07 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001-09-07 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001-09-07 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001-09-07 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011-06-09 14:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011-06-09 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011-03-06 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
    [2011-03-14 17:13:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010-05-15 20:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010-12-07 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011-06-09 13:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011-06-07 15:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
    [2011-03-04 02:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011-02-25 22:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
    [2011-03-14 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2011-03-04 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2010-04-12 22:40:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
    [2011-03-03 19:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-04-12 09:25:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
    [2010-04-12 22:40:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF1E655E-0210-4F9E-BE22-94A9069BF84B}
    [2011-03-03 17:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
    [2010-04-12 22:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F40E9D30-5DFC-4B21-BFDB-A5CDEE6440A6}
    [2011-04-23 22:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\.minecraft
    [2010-11-04 19:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Aura4You
    [2011-06-09 13:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
    [2011-02-18 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Belastingdienst
    [2010-04-14 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Command and Conquer 4
    [2010-05-15 20:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DAEMON Tools Lite
    [2010-11-04 20:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DataCast
    [2010-04-30 23:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\FreeAudioPack
    [2011-02-17 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\GetRightToGo
    [2011-03-16 12:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\gtk-2.0
    [2011-06-09 14:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\id Software
    [2011-01-18 16:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\IrfanView
    [2010-04-13 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Leadertech
    [2010-05-25 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\LG Electronics
    [2011-06-18 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Mumble
    [2010-07-04 21:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\NCH Swift Sound
    [2010-04-28 22:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Notepad++
    [2010-06-24 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\OpenOffice.org
    [2011-03-03 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Philips-Songbird
    [2011-06-09 14:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\SWF.max
    [2010-11-18 01:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\TS3Client
    [2011-03-31 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Tunngle
    [2011-05-30 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Ubisoft
    [2011-06-06 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\uTorrent
    [2011-03-04 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\WindSolutions
    [2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011-01-02 11:58:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
    [2011-06-19 00:20:47 | 000,027,105 | ---- | M] () -- C:\ComboFix.txt
    [2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010-04-10 22:23:57 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010-04-10 22:30:50 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2011-06-18 23:42:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011-05-20 08:10:19 | 000,023,344 | ---- | M] () -- C:\wmdm.log

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010-04-10 21:43:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010-04-10 23:32:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010-04-10 23:32:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010-04-10 23:32:31 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010-04-10 21:47:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2010-04-10 22:38:18 | 000,000,189 | -HS- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >
    [2008-03-09 08:25:10 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\dx.reg
    [2011-02-17 00:52:26 | 000,003,054 | ---- | M] () -- C:\Program Files\Common Files\unins000.dat
    [2011-02-17 00:51:50 | 000,728,858 | ---- | M] () -- C:\Program Files\Common Files\unins000.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >
     
  22. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Radeon Omega Drivers v4.8.442 Uninstall.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011-06-19 00:20:58 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005-01-28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2001-05-02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2008-04-14 22:32:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004-07-17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2001-03-07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001-05-29 12:38:10 | 000,000,958 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008-05-02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008-04-14 22:33:08 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2001-02-01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001-08-01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2004-07-17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004-07-17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004-07-17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2000-12-05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004-07-17 11:35:48 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F

    < End of report >


    OTL Extras logfile created on: 19-6-2011 0:34:20 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lennart de Groot\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,33% Memory free
    5,09 Gb Paging File | 4,28 Gb Available in Paging File | 84,04% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 128,00 Gb Total Space | 43,12 Gb Free Space | 33,69% Space Free | Partition Type: NTFS
    Drive D: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 195,30 Gb Total Space | 79,38 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
    Drive F: | 272,87 Gb Total Space | 55,73 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

    Computer Name: LENNART | User Name: Lennart de Groot | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "6112:TCP" = 6112:TCP:*:Enabled:WoW Downloader 6112
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "25565:TCP" = 25565:TCP:*:Enabled:Minecraft
    "25566:TCP" = 25566:TCP:*:Enabled:Minecraft2
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2015:TCP" = 2015:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
    "F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "F:\Program Files\World of Warcraft\Launcher.exe" = F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "F:\Games\Steam\steam.exe" = F:\Games\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
    "F:\Program Files\StarCraft II\StarCraft II.exe" = F:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "F:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "F:\Program Files\World of Warcraft\BackgroundDownloader.exe" = F:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe -- (Blizzard Entertainment)
    "F:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "F:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
    "F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- ()
    "F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction Update -- (Ubisoft)
    "F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application -- (Ubisoft Entertainment)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "F:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "F:\Games\Steam\SteamApps\dark_eye_nl\counter-strike source\hl2.exe" = F:\Games\Steam\SteamApps\dark_eye_nl\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "F:\Games\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = F:\Games\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)
    "F:\Games\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = F:\Games\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)
    "F:\Games\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()
    "F:\Games\Steam\SteamApps\common\supreme commander 2\bin\SupremeCommander2.exe" = F:\Games\Steam\SteamApps\common\supreme commander 2\bin\SupremeCommander2.exe:*:Enabled:Supreme Commander 2 -- (Gas Powered Games)
    "F:\Games\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe" = F:\Games\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java.exe -- (Sun Microsystems, Inc.)
    "C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:javaws.exe -- (Sun Microsystems, Inc.)
    "C:\Program Files\Java\jre6\bin\javacpl.exe" = C:\Program Files\Java\jre6\bin\javacpl.exe:*:Enabled:javacpl.exe -- (Sun Microsystems, Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "F:\Games\Steam\SteamApps\common\assassins creed\AssassinsCreed_Game.exe" = F:\Games\Steam\SteamApps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed -- (Ubisoft)
    "F:\Games\Steam\SteamApps\common\dragon age ultimate edition\DAOriginsLauncher.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Ultimate Edition -- (BioWare)
    "F:\Games\Steam\SteamApps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins - Ultimate Edition -- ()
    "F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAOrigins.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
    "C:\Program Files\Mumble\mumble.exe" = C:\Program Files\Mumble\mumble.exe:*:Enabled:Mumble -- (Thorvald Natvig)
    "C:\Program Files\Mumble\mumble11x.exe" = C:\Program Files\Mumble\mumble11x.exe:*:Enabled:Mumble (Backwards Compatible) -- (Thorvald Natvig)
    "F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDALauncher.exe" = F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDALauncher.exe:*:Enabled:Tom Clancy's Splinter Cell: Double Agent -- ()
    "F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDA-Offline\System\SplinterCell4.exe" = F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4 -- ()
    "F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
    "F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "F:\Games\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe" = F:\Games\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare)
    "F:\Games\Steam\SteamApps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect -- ()
    "E:\Program Files\The Witcher 2\bin\witcher2.exe" = E:\Program Files\The Witcher 2\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings -- ()
    "F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
    "F:\Games\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = F:\Games\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
    "F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
    "F:\Games\Steam\SteamApps\common\dragon age ii\DragonAge2Launcher.exe" = F:\Games\Steam\SteamApps\common\dragon age ii\DragonAge2Launcher.exe:*:Enabled:Dragon Age II -- (BioWare)
    "F:\Games\Steam\SteamApps\common\dragon age ii\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\dragon age ii\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age II -- ()
    "F:\Games\Steam\SteamApps\common\red faction ii\Red Faction II.exe" = F:\Games\Steam\SteamApps\common\red faction ii\Red Faction II.exe:*:Enabled:Red Faction II -- ()
    "F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg_launcher.exe" = F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg_launcher.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
    "F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg.exe" = F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
    "E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 -- (Crytek GmbH)
    "F:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = F:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
    "{0BF1B902-D614-8706-962B-1FE1D8B1F204}" = ATI Problem Report Wizard
    "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{19AAE765-632C-498A-9948-379E02CF8472}" = OpenOffice.org 3.2
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{25A18E40-3263-416E-B672-BE85DA47BBFD}" = Mumble 1.2.3
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{350C97BD-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{43502311-A8E5-233F-BEBC-9F47C112800E}" = ATI AVIVO Codecs
    "{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
    "{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
    "{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
    "{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
    "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B85381C-0C6A-FC5B-97BC-FC0F392ED8AA}" = Application Profiles
    "{7C4C5B40-43E1-4890-AD50-E1E8F8446D5F}" = Microsoft Antimalware Service NL-NL Language Pack
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client NL-NL Language Pack
    "{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
    "{C325B98A-455F-51CE-9234-ECD562DCE162}" = ATI MCE Encoder
    "{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
    "{CDBA6855-330C-31F9-2E2E-9C2421A1B85E}" = HydraVision
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
    "{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F7F393-A8E8-42CC-8C2E-7A999B48B2AE}_is1" = DirectX10 LV (Last Version)
    "{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    "{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "ABC Amber ePub Converter" = ABC Amber ePub Converter
    "ABC Amber LIT Converter" = ABC Amber LIT Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Akamai" = Akamai NetSession Interface
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
    "Creative Centrale" = Creative Centrale
    "Digital Editions" = Adobe Digital Editions
    "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
    "DivX Setup.divx.com" = DivX Setup
    "Find and Mount_is1" = Find and Mount 2.3
    "Fraps" = Fraps (remove only)
    "IconPackager" = IconPackager
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versie 1.51.0.1200
    "Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
    "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "MultiRes (remove only)" = MultiRes (remove only)
    "MyFreeCodec" = MyFreeCodec
    "Notepad++" = Notepad++
    "OpenAL" = OpenAL
    "PCI Audio Driver" = PCI Audio Driver
    "Philips Songbird" = Philips Songbird
    "PunkBusterSvc" = PunkBuster Services
    "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
    "StarCraft II" = StarCraft II
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 13580" = Tom Clancy's Splinter Cell: Double Agent
    "Steam App 15100" = Assassin's Creed
    "Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 17460" = Mass Effect
    "Steam App 20500" = Red Faction: Guerrilla
    "Steam App 20550" = Red Faction II
    "Steam App 24980" = Mass Effect 2
    "Steam App 33230" = Assassin's Creed II
    "Steam App 40100" = Supreme Commander 2
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 47810" = Dragon Age: Origins - Ultimate Edition
    "Steam App 47900" = Dragon Age II
    "Steam App 8980" = Borderlands
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "uTorrent" = µTorrent
    "Verzoek of wijziging voorlopige aanslag 2009" = Verzoek of wijziging voorlopige aanslag 2009
    "VLC media player" = VLC media player 1.0.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
    "Xvid Video Codec 1.3.0" = Xvid Video Codec
    "Zen V Series Media Explorer" = ZEN V Series Media Explorer
    "ZENX-FI" = Creative ZEN X-Fi-Gebruikershandleiding

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12-12-2010 15:50:03 | Computer Name = LENNART | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: ts3client_win32.exe, versie: 1.0.0.0, vastgelopen
    module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 14-12-2010 16:55:05 | Computer Name = LENNART | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: ts3client_win32.exe, versie: 1.0.0.0, vastgelopen
    module: msvcrt.dll, versie: 7.0.2600.5512, vastgelopen op: 0x00036fa3.

    [ System Events ]
    Error - 11-6-2011 3:22:13 | Computer Name = LENNART | Source = Windows Update Agent | ID = 20
    Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
    foutcode 0xd0000005: KB951376: Beveiligingsupdate voor Windows XP.

    Error - 16-6-2011 3:27:43 | Computer Name = LENNART | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: SSDPSRV.

    Error - 16-6-2011 3:27:43 | Computer Name = LENNART | Source = Service Control Manager | ID = 7000
    Description = De SSDP Discovery-service-service kan vanwege de volgende fout niet
    worden gestart: %%1053

    Error - 16-6-2011 6:02:17 | Computer Name = LENNART | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: SSDPSRV.

    Error - 16-6-2011 6:02:17 | Computer Name = LENNART | Source = Service Control Manager | ID = 7000
    Description = De SSDP Discovery-service-service kan vanwege de volgende fout niet
    worden gestart: %%1053

    Error - 18-6-2011 7:23:46 | Computer Name = LENNART | Source = Service Control Manager | ID = 7034
    Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
    keer gebeurd.

    Error - 18-6-2011 7:36:55 | Computer Name = LENNART | Source = atapi | ID = 262153
    Description = Het apparaat \Device\Ide\IdePort4 heeft niet binnen de tijd voor time-out
    gereageerd.

    Error - 18-6-2011 7:37:06 | Computer Name = LENNART | Source = atapi | ID = 262153
    Description = Het apparaat \Device\Ide\IdePort4 heeft niet binnen de tijd voor time-out
    gereageerd.

    Error - 18-6-2011 16:11:53 | Computer Name = LENNART | Source = System Error | ID = 1003
    Description = Foutcode; 000000ca, parameter1: 00000004, parameter2: 89989030, parameter3:
    00000000, parameter4: 00000000.

    Error - 18-6-2011 17:40:56 | Computer Name = LENNART | Source = PlugPlayManager | ID = 11
    Description = Het apparaat Root\LEGACY_BLACKBOX\0000 is uit het systeem verdwenen
    zonder dat de verwijdering is voorbereid.


    < End of report >


    That's all the files.
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Which browser is getting redirected?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  24. Domiro

    Domiro TS Rookie Topic Starter Posts: 22

    Both Firefox and Internet Explorer showed the same symptoms; after having done the TDSSKiller step, both FF and IE redirect where they're intended to.


    Log:

    2011/06/19 00:48:38.0375 2284 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/19 00:48:38.0578 2284 ================================================================================
    2011/06/19 00:48:38.0578 2284 SystemInfo:
    2011/06/19 00:48:38.0578 2284
    2011/06/19 00:48:38.0578 2284 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/19 00:48:38.0578 2284 Product type: Workstation
    2011/06/19 00:48:38.0578 2284 ComputerName: LENNART
    2011/06/19 00:48:38.0578 2284 UserName: Lennart de Groot
    2011/06/19 00:48:38.0578 2284 Windows directory: C:\WINDOWS
    2011/06/19 00:48:38.0578 2284 System windows directory: C:\WINDOWS
    2011/06/19 00:48:38.0578 2284 Processor architecture: Intel x86
    2011/06/19 00:48:38.0578 2284 Number of processors: 2
    2011/06/19 00:48:38.0578 2284 Page size: 0x1000
    2011/06/19 00:48:38.0578 2284 Boot type: Normal boot
    2011/06/19 00:48:38.0578 2284 ================================================================================
    2011/06/19 00:48:39.0312 2284 Initialize success
    2011/06/19 00:48:51.0187 5488 ================================================================================
    2011/06/19 00:48:51.0187 5488 Scan started
    2011/06/19 00:48:51.0187 5488 Mode: Manual;
    2011/06/19 00:48:51.0187 5488 ================================================================================
    2011/06/19 00:48:51.0906 5488 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/19 00:48:51.0921 5488 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/19 00:48:51.0953 5488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/19 00:48:51.0968 5488 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/19 00:48:52.0062 5488 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    2011/06/19 00:48:52.0078 5488 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/06/19 00:48:52.0140 5488 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    2011/06/19 00:48:52.0156 5488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/19 00:48:52.0156 5488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/06/19 00:48:52.0296 5488 ati2mtag (8e280e25a7a3ca8f5f35946cdf41d434) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/06/19 00:48:52.0343 5488 AtiHdmiService (b5e6b3802c6b36308dfc8e9855e3a872) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    2011/06/19 00:48:52.0375 5488 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
    2011/06/19 00:48:52.0437 5488 atitray (6e51838f65c4f5264af489773a53d678) C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys
    2011/06/19 00:48:52.0453 5488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/19 00:48:52.0468 5488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/19 00:48:52.0500 5488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/19 00:48:52.0531 5488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/19 00:48:52.0578 5488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/19 00:48:52.0593 5488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/19 00:48:52.0593 5488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/19 00:48:52.0640 5488 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
    2011/06/19 00:48:52.0671 5488 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
    2011/06/19 00:48:52.0703 5488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/19 00:48:52.0734 5488 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/19 00:48:52.0750 5488 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/19 00:48:52.0750 5488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/19 00:48:52.0781 5488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/19 00:48:52.0812 5488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/19 00:48:52.0828 5488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/19 00:48:52.0843 5488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/19 00:48:52.0843 5488 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/19 00:48:52.0859 5488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/19 00:48:52.0875 5488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/06/19 00:48:52.0890 5488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/19 00:48:52.0906 5488 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/19 00:48:52.0906 5488 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
    2011/06/19 00:48:52.0937 5488 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/06/19 00:48:52.0937 5488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/19 00:48:52.0953 5488 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/19 00:48:52.0968 5488 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/19 00:48:53.0000 5488 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/19 00:48:53.0031 5488 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\drivers\i8042prt.sys
    2011/06/19 00:48:53.0046 5488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/19 00:48:53.0171 5488 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/19 00:48:53.0218 5488 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/19 00:48:53.0234 5488 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/06/19 00:48:53.0265 5488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/19 00:48:53.0281 5488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/19 00:48:53.0296 5488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/19 00:48:53.0312 5488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/19 00:48:53.0328 5488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/19 00:48:53.0343 5488 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/19 00:48:53.0359 5488 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/19 00:48:53.0375 5488 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/06/19 00:48:53.0390 5488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/19 00:48:53.0390 5488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/19 00:48:53.0421 5488 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    2011/06/19 00:48:53.0453 5488 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\WINDOWS\system32\drivers\LGBusEnum.sys
    2011/06/19 00:48:53.0468 5488 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\WINDOWS\system32\drivers\LGVirHid.sys
    2011/06/19 00:48:53.0500 5488 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    2011/06/19 00:48:53.0515 5488 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    2011/06/19 00:48:53.0546 5488 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
    2011/06/19 00:48:53.0578 5488 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/06/19 00:48:53.0578 5488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/19 00:48:53.0609 5488 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/19 00:48:53.0640 5488 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    2011/06/19 00:48:53.0671 5488 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/19 00:48:53.0687 5488 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/06/19 00:48:53.0687 5488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/19 00:48:53.0718 5488 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/06/19 00:48:53.0781 5488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/19 00:48:53.0812 5488 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/19 00:48:53.0828 5488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/19 00:48:53.0843 5488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/19 00:48:53.0859 5488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/19 00:48:53.0875 5488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/19 00:48:53.0890 5488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/19 00:48:53.0890 5488 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/19 00:48:53.0906 5488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/19 00:48:53.0921 5488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/19 00:48:53.0937 5488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/19 00:48:53.0937 5488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/19 00:48:53.0953 5488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/19 00:48:53.0968 5488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/19 00:48:53.0968 5488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/19 00:48:54.0000 5488 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/06/19 00:48:54.0000 5488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/19 00:48:54.0015 5488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/19 00:48:54.0031 5488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/19 00:48:54.0062 5488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/19 00:48:54.0062 5488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/19 00:48:54.0078 5488 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/06/19 00:48:54.0093 5488 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\drivers\Parport.sys
    2011/06/19 00:48:54.0093 5488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/19 00:48:54.0125 5488 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/19 00:48:54.0125 5488 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/19 00:48:54.0140 5488 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/19 00:48:54.0156 5488 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/19 00:48:54.0218 5488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/19 00:48:54.0234 5488 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys
    2011/06/19 00:48:54.0250 5488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/19 00:48:54.0265 5488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/19 00:48:54.0281 5488 pwdrvio (99cf0190f1f346cb0a0bbd1873683425) C:\WINDOWS\system32\pwdrvio.sys
    2011/06/19 00:48:54.0281 5488 pwdspio (57febcc5f8c577faad55b0ff2d617826) C:\WINDOWS\system32\pwdspio.sys
    2011/06/19 00:48:54.0312 5488 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/19 00:48:54.0359 5488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/19 00:48:54.0359 5488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/19 00:48:54.0375 5488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/19 00:48:54.0375 5488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/19 00:48:54.0390 5488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/19 00:48:54.0390 5488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/19 00:48:54.0406 5488 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/19 00:48:54.0421 5488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/19 00:48:54.0453 5488 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/19 00:48:54.0546 5488 RTHDMIAzAudService (3a5d16604e1744964e08432354c489a3) C:\WINDOWS\system32\drivers\RtKHDMI.sys
    2011/06/19 00:48:54.0578 5488 rtl8029 (493b54a894a6e70dd02961a68db8863f) C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
    2011/06/19 00:48:54.0609 5488 RzSynapse (2e2f0d988f6d46e5e5e84d9fcad39081) C:\WINDOWS\system32\DRIVERS\RzSynapse.sys
    2011/06/19 00:48:54.0625 5488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/19 00:48:54.0640 5488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/19 00:48:54.0656 5488 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/19 00:48:54.0687 5488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/19 00:48:54.0718 5488 slicedisk.sys (4e88cd24d5ddfca74f64a4fec2ed7197) C:\WINDOWS\system32\slicedisk.sys
    2011/06/19 00:48:54.0781 5488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/19 00:48:54.0812 5488 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/06/19 00:48:54.0812 5488 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
    2011/06/19 00:48:54.0812 5488 sptd - detected LockedFile.Multi.Generic (1)
    2011/06/19 00:48:54.0828 5488 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/19 00:48:54.0843 5488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/19 00:48:54.0859 5488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/19 00:48:54.0875 5488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/19 00:48:54.0906 5488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/19 00:48:54.0937 5488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/19 00:48:54.0953 5488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/19 00:48:54.0953 5488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/19 00:48:54.0968 5488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/19 00:48:55.0000 5488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/19 00:48:55.0015 5488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/19 00:48:55.0031 5488 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/06/19 00:48:55.0046 5488 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/19 00:48:55.0078 5488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/19 00:48:55.0078 5488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/19 00:48:55.0109 5488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/19 00:48:55.0140 5488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/19 00:48:55.0140 5488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/19 00:48:55.0156 5488 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/19 00:48:55.0171 5488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/19 00:48:55.0203 5488 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/06/19 00:48:55.0218 5488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/19 00:48:55.0265 5488 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/06/19 00:48:55.0281 5488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/06/19 00:48:55.0312 5488 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/06/19 00:48:55.0343 5488 MBR (0x1B8) (33acd7f96c8c543021d4b4a4c6afbe8a) \Device\Harddisk0\DR0
    2011/06/19 00:48:55.0343 5488 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
    2011/06/19 00:48:55.0343 5488 ================================================================================
    2011/06/19 00:48:55.0343 5488 Scan finished
    2011/06/19 00:48:55.0343 5488 ================================================================================
    2011/06/19 00:48:55.0359 2376 Detected object count: 2
    2011/06/19 00:48:55.0359 2376 Actual detected object count: 2
    2011/06/19 00:49:11.0218 2376 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/06/19 00:49:11.0234 2376 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
    2011/06/19 00:49:11.0234 2376 \Device\Harddisk0\DR0 - ok
    2011/06/19 00:49:11.0234 2376 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
    2011/06/19 00:49:33.0421 1056 Deinitialize success
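The log above ends with TDSSKiller flagging the MBR of \Device\Harddisk0\DR0 as Backdoor.Win32.Sinowal.knf and scheduling a cure at reboot. The following Python is an added example, not code from this thread or from TDSSKiller: it parses a 512-byte MBR (offset 0x1B8, the one the log prints beside "MBR", is where the NT disk signature sits), computes the sector's MD5, and diffs a live sector against a known-good baseline so that a replaced boot code with an untouched partition table stands out. The two sample sectors are constructed inline; `read_mbr()` and its device path are assumptions and are not executed; the heuristic that a bootkit swaps the boot code but keeps the partition table so the disk still boots is general knowledge rather than something this log states.

```python
"""Parse a 512-byte MBR, hash it, and diff it against a known-good copy.

Added example for the thread above; not TDSSKiller code. Both sample sectors
below are constructed, not taken from the infected machine.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8    # 4-byte NT disk signature (the offset the log prints next to "MBR")
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE    # 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code, disk signature and partition entries.

    Raises ValueError for a wrong-sized sector or a missing 55AA signature,
    which on a real disk is itself worth flagging.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    partitions: List[Partition] = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:  # empty entry
            continue
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    return {"boot_code": sector[:DISK_SIG_OFFSET],
            "disk_signature": disk_sig,
            "partitions": partitions}


def mbr_md5(sector: bytes) -> str:
    """MD5 of the whole sector, the kind of fingerprint the log prints."""
    return hashlib.md5(sector).hexdigest()


def compare_mbr(baseline: bytes, current: bytes) -> dict:
    """Report which regions differ between a known-good MBR and the live one."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    return {
        "md5_changed": mbr_md5(baseline) != mbr_md5(current),
        "boot_code_changed": b["boot_code"] != c["boot_code"],
        "disk_signature_changed": b["disk_signature"] != c["disk_signature"],
        "partition_table_changed": (baseline[PART_TABLE_OFFSET:BOOT_SIG_OFFSET]
                                    != current[PART_TABLE_OFFSET:BOOT_SIG_OFFSET]),
    }


def classify(diff: dict) -> str:
    """Verdict from compare_mbr(). Boot code replaced while the partition table
    is intact is the pattern an MBR bootkit leaves (general knowledge, not
    something this thread's log states)."""
    if not diff["md5_changed"]:
        return "unchanged"
    if diff["boot_code_changed"] and not diff["partition_table_changed"]:
        return "boot code replaced, partition table intact: bootkit-style modification"
    return "modified"


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a sector from parts; used here only to construct samples."""
    body = boot_code.ljust(DISK_SIG_OFFSET, b"\x00")[:DISK_SIG_OFFSET]
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba, count)
        for bootable, ptype, lba, count in partitions).ljust(64, b"\x00")
    return body + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xAA"


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR. Assumed device path; needs admin/root. Not run here."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


# Constructed samples: same disk signature and partition table, different boot code.
_PARTS = [(True, 0x07, 63, 200_000), (False, 0x07, 200_063, 400_000)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", 0x1234ABCD, _PARTS)
INFECTED_MBR = build_mbr(b"\xEB\x3A\x90" + b"\x00" * 10 + b"\xB8\x00\x60", 0x1234ABCD, _PARTS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        info = parse_mbr(sector)
        print(name, mbr_md5(sector), "sig=%08x" % info["disk_signature"],
              [(p.index, p.type_id, p.lba_start) for p in info["partitions"]])
    print(classify(compare_mbr(CLEAN_MBR, INFECTED_MBR)))
```

To use it on a real machine, save a copy of the MBR with `read_mbr()` while the disk is known clean (or take it from a fresh install image), store its hash, and later feed the stored sector and a fresh read to `compare_mbr()`; a changed MD5 alone only says something differs, the region breakdown is what separates a legitimate boot-loader update from a Sinowal-style boot-code swap.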
     
  25. Broni (Malware Annihilator)

    Very good :)
    Please give me a fresh RKUnhooker log.
     
Topic Status:
Not open for further replies.

