Solved Google redirects, compromised game account

Domiro

Just over a week ago I lost an account related to games. I noticed later on that AVG (2009) ran out. I removed AVG, installed Microsoft Security Essentials, updated my remaining Windows updates and defragged the HDD.

Now I'm running into the issue that Google redirects my search results to several sites not even remotely related. Other than that, Firefox seems to refuse to start, forcing me to reboot my machine (Task Manager shows several instances running), and in some instances my machine slows down severely.

As mentioned in the sticky, my AV has run its course, removing several infections. Java has been removed and the latest release installed, Adobe has been removed.

Any help to solve this issue would be greatly appreciated. If there are questions regarding translation (considering my OS is installed in Dutch), then I'm more than happy to help.

===

Step 2 - Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Databaseversie: 6885

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18-6-2011 13:22:16
mbam-log-2011-06-18 (13-22-16).txt

Scantype: Volledige scan (C:\|E:\|F:\|)
Objecten gescand: 373902
Verstreken tijd: 1 uur/uren, 28 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WV3E3W0UXE4W1H6JOEOJOSEIHJTGBG (Trojan.SpyEyes) -> Value: WV3E3W0UXE4W1H6JOEOJOSEIHJTGBG -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
c:\pkgfurotmvn (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\documents and settings\lennart de groot\local settings\Temp\jar_cache1843015428022091892.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\lennart de groot\local settings\Temp\jar_cache4530388770589662388.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP143\A0117459.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP146\A0119946.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP147\A0119955.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b92a4fe4-3e3d-4416-b2a4-69c1259896d7}\RP149\A0121054.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\pkgfurotmvn\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

===

Step 3: GMER

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-18 13:44:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort4 SAMSUNG_HD642JJ rev.1AA01108
Running: kxubi2uj.exe; Driver: C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\uxrdapob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9ECFA50]
SSDT sptd.sys ZwEnumerateKey [0xB9F03FFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9F0438C]
SSDT sptd.sys ZwOpenKey [0xB9ECFA30]
SSDT sptd.sys ZwQueryKey [0xB9F04464]
SSDT sptd.sys ZwQueryValueKey [0xB9F042E4]
SSDT sptd.sys ZwSetValueKey [0xB9F044F6]

INT 0x63 ? 8AEFFCC8
INT 0x63 ? 8AEFFCC8
INT 0x63 ? 8AEFFCC8
INT 0x63 ? 8AEFFCC8
INT 0x63 ? 8ACBCF00
INT 0x83 ? 8AEFFCC8
INT 0x83 ? 8AEFFCC8
INT 0x83 ? 8ACBCF00
INT 0x83 ? 8AEFFCC8
INT 0x84 ? 8ACBCF00
INT 0xA4 ? 8ACBCF00
INT 0xA4 ? 8ACBCF00
INT 0xA4 ? 8ACBCF00
INT 0xA4 ? 8ACBCF00
INT 0xB4 ? 8ACBCF00

---- Kernel code sections - GMER 1.0.15 ----

PAGE sptd.sys B9EF3000 1 Byte [74]
PAGE sptd.sys B9EF3004 5 Bytes [40, 33, EF, B9, A3]
PAGE sptd.sys B9EF300C 5 Bytes [50, 34, EF, B9, 98]
PAGE sptd.sys B9EF3014 5 Bytes [B8, 33, EF, B9, 59] {MOV EAX, 0x59b9ef33}
PAGE sptd.sys B9EF301C 5 Bytes [78, 32, EF, B9, 61]
PAGE ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F8CD38]
? C:\WINDOWS\system32\drivers\sptd.sys Het proces heeft geen toegang tot het bestand omdat
het bestand door een ander proces wordt gebruikt.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95DB000, 0x2A1A98, 0xE8000020]
.text USBPORT.SYS!DllUnload B95928AC 5 Bytes JMP 8ACBC410
.text ayu81ieq.SYS B951F306 50 Bytes [00, 00, 00, 42, 03, 00, F0, ...]
.text ayu81ieq.SYS B951F339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ayu81ieq.SYS B951F351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ayu81ieq.SYS B951F3A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ayu81ieq.SYS B951F3B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys Het systeem kan het opgegeven bestand niet vinden. !
? system32\drivers\xpsec.sys Het systeem kan het opgegeven pad niet vinden. !
? system32\drivers\xcpip.sys Het systeem kan het opgegeven pad niet vinden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\userinit.exe[268] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
.text C:\WINDOWS\system32\userinit.exe[268] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\winlogon.exe[640] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\winlogon.exe[640] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\winlogon.exe[640] Secur32.dll!LsaLogonUser 77F133F1 5 Bytes JMP 01112946
.text C:\WINDOWS\system32\winlogon.exe[640] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\winlogon.exe[640] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\winlogon.exe[640] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\winlogon.exe[640] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\lsass.exe[748] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\lsass.exe[748] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\lsass.exe[748] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\lsass.exe[748] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\lsass.exe[748] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\Ati2evxx.exe[924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00DD03B2
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\svchost.exe[944] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\svchost.exe[944] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 024A9E0A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 024A9CBC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!recv 71A3676F 5 Bytes JMP 024A9A88
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 024A9B5B
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 1040C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[952] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\svchost.exe[1016] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\svchost.exe[1016] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\svchost.exe[1016] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01659E0A
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01659CBC
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01659A88
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01659B5B
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BC1D3C5
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BC1938C
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BC0C3E1
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BC1D6E8
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BC211F9
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BC21109
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BC21313
.text C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe[1052] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0C9BA7ED
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0C9C4882
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0C9D61F5
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0C9BA537
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0C9C4938
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0C9BBDD9
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0C9CC594
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0C9C045F
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0C9CD3C5
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0C9C938C
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0C9BC3E1
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0C9CDC3D
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0C9D2A3B
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0C9CD6E8
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0C9D11F9
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0C9D1109
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0C9D2CF7
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0C9D1313
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0C9D2B99
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00DF9E0A
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!send 71A34C27 8 Bytes JMP 0C9CD3A3
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00DF9CBC
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00DF9A88
.text C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1100] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00DF9B5B
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
The GMER log is incomplete.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[1144] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\System32\svchost.exe[1144] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[1144] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007C03B2
.text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\Mixer.exe[1256] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\Mixer.exe[1256] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\Mixer.exe[1256] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\Mixer.exe[1256] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03C29E0A
.text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03C29CBC
.text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03C29A88
.text C:\WINDOWS\Mixer.exe[1256] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03C29B5B
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\Mixer.exe[1256] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[1260] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[1260] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[1260] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[1260] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\System32\svchost.exe[1260] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[1260] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[1356] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[1356] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[1356] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[1356] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\System32\svchost.exe[1356] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[1356] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\Ati2evxx.exe[1432] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FB9E0A
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FB9CBC
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FB9A88
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FB9B5B
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe[1500] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\spoolsv.exe[1568] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\spoolsv.exe[1568] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\spoolsv.exe[1568] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\spoolsv.exe[1568] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\spoolsv.exe[1568] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\spoolsv.exe[1568] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02209E0A
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02209CBC
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02209A88
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02209B5B
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe[1788] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03599E0A
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03599CBC
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03599A88
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03599B5B
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe[1808] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\RTHDCPL.EXE[1900] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\RTHDCPL.EXE[1900] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\RTHDCPL.EXE[1900] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\RTHDCPL.EXE[1900] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 05B79E0A
.text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 05B79CBC
.text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!recv 71A3676F 5 Bytes JMP 05B79A88
.text C:\WINDOWS\RTHDCPL.EXE[1900] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 05B79B5B
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\RTHDCPL.EXE[1900] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program[1916] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program[1916] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program[1916] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program[1916] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program[1916] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program[1916] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program[1916] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program[1916] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program[1916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 025D9E0A
.text C:\Program[1916] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program[1916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 025D9CBC
.text C:\Program[1916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 025D9A88
.text C:\Program[1916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 025D9B5B
.text C:\Program[1916] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program[1916] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program[1916] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program[1916] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program[1916] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program[1916] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program[1916] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program[1916] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program[1916] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program[1916] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program[1916] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01119E0A
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01119CBC
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01119A88
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01119B5B
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe[2104] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01139E0A
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01139CBC
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01139A88
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01139B5B
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Razer\Naga\RazerNagaSysTray.exe[2264] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[2312] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[2312] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[2312] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[2312] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[2312] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[2312] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018C9E0A
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018C9CBC
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018C9A88
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018C9B5B
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2448] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01E69E0A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01E69CBC
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01E69A88
.text C:\Program Files\Microsoft Security Client\msseces.exe[2464] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01E69B5B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 03F89E0A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 03F89CBC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!recv 71A3676F 5 Bytes JMP 03F89A88
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 03F89B5B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2484] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\ctfmon.exe[2492] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\ctfmon.exe[2492] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\ctfmon.exe[2492] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\ctfmon.exe[2492] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00DF9E0A
.text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00DF9CBC
.text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00DF9A88
.text C:\WINDOWS\system32\ctfmon.exe[2492] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00DF9B5B
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\ctfmon.exe[2492] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D33A7ED
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D344882
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D3561F5
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D33A537
.text F:\games\steam\steam.exe[2508] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D344938
.text F:\games\steam\steam.exe[2508] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 05049E0A
.text F:\games\steam\steam.exe[2508] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D34D3A3
.text F:\games\steam\steam.exe[2508] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 05049CBC
.text F:\games\steam\steam.exe[2508] WS2_32.dll!recv 71A3676F 5 Bytes JMP 05049A88
.text F:\games\steam\steam.exe[2508] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 05049B5B
.text F:\games\steam\steam.exe[2508] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D34C594
.text F:\games\steam\steam.exe[2508] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D33BDD9
.text F:\games\steam\steam.exe[2508] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D34045F
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D34D3C5
.text F:\games\steam\steam.exe[2508] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D34938C
.text F:\games\steam\steam.exe[2508] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D33C3E1
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D34DC3D
.text F:\games\steam\steam.exe[2508] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D352A3B
.text F:\games\steam\steam.exe[2508] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D34D6E8
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D3511F9
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D351109
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D352CF7
.text F:\games\steam\steam.exe[2508] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D351313
.text F:\games\steam\steam.exe[2508] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D352B99
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01439E0A
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01439CBC
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01439A88
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01439B5B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00D99E0A
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00D99CBC
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00D99A88
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00D99B5B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01DA9E0A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01DA9CBC
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01DA9A88
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01DA9B5B
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 010E9E0A
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 010E9CBC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!recv 71A3676F 5 Bytes JMP 010E9A88
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 010E9B5B
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
.text C:\WINDOWS\explorer.exe[2832] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
.text C:\WINDOWS\explorer.exe[2832] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
.text C:\WINDOWS\explorer.exe[2832] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01272758
.text C:\WINDOWS\explorer.exe[2832] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00F39E0A
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00F39CBC
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00F39A88
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00F39B5B
.text C:\WINDOWS\system32\PnkBstrA.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A03B2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01829E0A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01829CBC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01829A88
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01829B5B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[3728] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[3728] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[3728] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[3728] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D81A7ED
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D824882
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D8361F5
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D81A537
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D824938
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D81BDD9
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D82C594
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 0EBB9E0A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D82D3A3
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 0EBB9CBC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!recv 71A3676F 5 Bytes JMP 0EBB9A88
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 0EBB9B5B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D82045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D82D3C5
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D82938C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D81C3E1
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D82DC3D
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D832A3B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D82D6E8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D8311F9
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D831109
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D832CF7
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D831313
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D832B99
.text C:\WINDOWS\system32\CTsvcCDA.exe[3804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AE03B2
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[3924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F03B2
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 07069E0A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 07069CBC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!recv 71A3676F 5 Bytes JMP 07069A88
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 07069B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\wscntfy.exe[4320] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\wscntfy.exe[4320] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\wscntfy.exe[4320] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FD9E0A
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FD9CBC
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
.text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!recv 71A3676F 5 Bytes JMP 0EBB9A88
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 0EBB9B5B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D82045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D82D3C5
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D82938C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D81C3E1
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D82DC3D
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D832A3B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D82D6E8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D8311F9
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D831109
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D832CF7
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D831313
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D832B99
.text C:\WINDOWS\system32\CTsvcCDA.exe[3804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AE03B2
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[3924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F03B2
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 07069E0A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 07069CBC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!recv 71A3676F 5 Bytes JMP 07069A88
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 07069B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\wscntfy.exe[4320] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\wscntfy.exe[4320] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\wscntfy.exe[4320] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FD9E0A
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FD9CBC
 
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
.text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ADVAPI32.dll!CryptEncrypt


.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01439E0A
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01439CBC
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01439A88
.text C:\Program Files\Creative\Software Update 3\SoftAuto.exe[2528] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01439B5B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00D99E0A
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00D99CBC
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00D99A88
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00D99B5B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe[2576] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01DA9E0A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01DA9CBC
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01DA9A88
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01DA9B5B
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2596] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 010E9E0A
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 010E9CBC
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!recv 71A3676F 5 Bytes JMP 010E9A88
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 010E9B5B
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[2752] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BC0A7ED
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BC14882
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BC261F5
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BC0A537
.text C:\WINDOWS\explorer.exe[2832] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BC14938
.text C:\WINDOWS\explorer.exe[2832] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BC1C594
.text C:\WINDOWS\explorer.exe[2832] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BC0BDD9
.text C:\WINDOWS\explorer.exe[2832] USER32.dll!DisplayExitWindowsWarnings 7E3D9F91 5 Bytes JMP 01272758
.text C:\WINDOWS\explorer.exe[2832] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BC1045F
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BC1DC3D
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BC22A3B
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BC22CF7
.text C:\WINDOWS\explorer.exe[2832] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BC22B99
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00F39E0A
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BC1D3A3
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00F39CBC
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00F39A88
.text C:\WINDOWS\explorer.exe[2832] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00F39B5B
.text C:\WINDOWS\system32\PnkBstrA.exe[3228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A03B2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01829E0A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 01829CBC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!recv 71A3676F 5 Bytes JMP 01829A88
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 01829B5B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3404] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose 7C90CFEE 3 Bytes JMP 009103B2
.text C:\WINDOWS\System32\svchost.exe[3644] ntdll.dll!NtClose + 4 7C90CFF2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\System32\svchost.exe[3728] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\System32\svchost.exe[3728] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\System32\svchost.exe[3728] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\System32\svchost.exe[3728] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\System32\svchost.exe[3728] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\System32\svchost.exe[3728] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3756] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0D81A7ED
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0D824882
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0D8361F5
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0D81A537
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0D824938
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0D81BDD9
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0D82C594
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 0EBB9E0A
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!send 71A34C27 8 Bytes JMP 0D82D3A3
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 0EBB9CBC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!recv 71A3676F 5 Bytes JMP 0EBB9A88
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 0EBB9B5B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0D82045F
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0D82D3C5
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0D82938C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0D81C3E1
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0D82DC3D
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0D832A3B
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0D82D6E8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0D8311F9
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0D831109
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0D832CF7
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0D831313
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3796] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0D832B99
.text C:\WINDOWS\system32\CTsvcCDA.exe[3804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AE03B2
.text C:\Program Files\Creative\Shared Files\CTDevSrv.exe[3924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005F03B2
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 07069E0A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 07069CBC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!recv 71A3676F 5 Bytes JMP 07069A88
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3992] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 07069B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\wscntfy.exe[4320] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\wscntfy.exe[4320] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\wscntfy.exe[4320] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\wscntfy.exe[4320] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00FD9E0A
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00FD9CBC
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00FD9A88
.text C:\WINDOWS\system32\wscntfy.exe[4320] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00FD9B5B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\wscntfy.exe[4320] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\rundll32.exe[4688] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\rundll32.exe[4688] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\rundll32.exe[4688] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\rundll32.exe[4688] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 02839E0A
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 02839CBC
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!recv 71A3676F 5 Bytes JMP 02839A88
.text C:\WINDOWS\system32\rundll32.exe[4688] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 02839B5B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\rundll32.exe[4688] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005803B2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 006E9E0A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!send 71A34C27 5 Bytes JMP 006E99A7
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 006E9CBC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!recv 71A3676F 5 Bytes JMP 006E9A88
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4916] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 006E9B5B
.text C:\WINDOWS\System32\alg.exe[5044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A203B2
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00BA9E0A
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!send 71A34C27 5 Bytes JMP 00BA99A7
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00BA9CBC
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00BA9A88
.text C:\WINDOWS\System32\alg.exe[5044] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00BA9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0CFDA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0CFE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0CFF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0CFDA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0CFE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0CFEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0CFDBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WS2_32.dll!send 71A34C27 8 Bytes JMP 0CFED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0CFE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0CFED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0CFE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0CFDC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0CFEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0CFF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0CFED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0CFF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0CFF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0CFF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0CFF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5132] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0CFF2B99
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] kernel32.dll!CreateFileW 7C7E0800 8 Bytes JMP 0BB754CB
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Mozilla Firefox\firefox.exe[5372] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\WINDOWS\system32\msiexec.exe[5556] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\WINDOWS\system32\msiexec.exe[5556] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\WINDOWS\system32\msiexec.exe[5556] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\WINDOWS\system32\msiexec.exe[5556] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\WINDOWS\system32\msiexec.exe[5556] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 00C19E0A
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 00C19CBC
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!recv 71A3676F 5 Bytes JMP 00C19A88
.text C:\WINDOWS\system32\msiexec.exe[5556] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 00C19B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BADA7ED
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BAE4882
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BAF61F5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BADA537
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BAE4938
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BAEC594
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BADBDD9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BAE045F
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018B9E0A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BAED3A3
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSARecv 71A34CB5 5 Bytes JMP 018B9CBC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!recv 71A3676F 5 Bytes JMP 018B9A88
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WS2_32.dll!WSASend 71A368FA 5 Bytes JMP 018B9B5B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BAED3C5
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BAE938C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BADC3E1
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BAEDC3D
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BAF2A3B
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BAED6E8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BAF11F9
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BAF1109
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BAF2CF7
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BAF1313
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[5768] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BAF2B99
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtEnumerateValueKey 7C90D2EE 8 Bytes JMP 0BB6A7ED
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtQueryDirectoryFile 7C90D76E 8 Bytes JMP 0BB74882
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtResumeThread 7C90DB3E 8 Bytes JMP 0BB861F5
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtSetInformationFile 7C90DC5E 8 Bytes JMP 0BB6A537
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ntdll.dll!NtVdmControl 7C90DF1E 8 Bytes JMP 0BB74938
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WS2_32.dll!send 71A34C27 8 Bytes JMP 0BB7D3A3
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] ADVAPI32.dll!CryptEncrypt 77F5E360 8 Bytes JMP 0BB7C594
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] USER32.dll!TranslateMessage 7E398BF6 8 Bytes JMP 0BB6BDD9
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] CRYPT32.dll!PFXImportCertStore 77AAFF8F 8 Bytes JMP 0BB7045F
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetQueryOptionA 771771AB 8 Bytes JMP 0BB7D3C5
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpOpenRequestA 77182B11 8 Bytes JMP 0BB7938C
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpAddRequestHeadersA 771840E2 8 Bytes JMP 0BB6C3E1
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetCloseHandle 77184DA4 8 Bytes JMP 0BB7DC3D
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpSendRequestA 771860B9 8 Bytes JMP 0BB82A3B
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpQueryInfoA 771879DA 8 Bytes JMP 0BB7D6E8
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetReadFile 77188302 8 Bytes JMP 0BB811F9
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetQueryDataAvailable 77198A77 8 Bytes JMP 0BB81109
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetWriteFile 771B8E39 8 Bytes JMP 0BB82CF7
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!InternetReadFileExA 771B9380 8 Bytes JMP 0BB81313
.text C:\Program Files\Java\jre6\bin\jqs.exe[5992] WININET.dll!HttpSendRequestW 771D3254 8 Bytes JMP 0BB82B99

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E96574] sptd.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E960C0] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E96362] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E962A4] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E971BC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E96FE0] sptd.sys
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KeGetCurrentIrql] 56227411
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfAcquireSpinLock] 52162E68
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfReleaseSpinLock] D9F753B9
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfRaiseIrql] F7C31352
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[HAL.dll!KfLowerIrql] FF5150D8
IAT \SystemRoot\System32\Drivers\ayu81ieq.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 25E85300

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AEFE1F8
Device \FileSystem\Fastfat \FatCdrom 8A0341F8
Device \FileSystem\Udfs \UdfsCdRom 8A59F1F8
Device \FileSystem\Udfs \UdfsDisk 8A59F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AF794023-DC67-4F2E-BBC0-AB05A411DDDF} 8ACA1430
Device \Driver\usbuhci \Device\USBPDO-0 8ACBA430
Device \Driver\usbuhci \Device\USBPDO-1 8ACBA430
Device \Driver\usbuhci \Device\USBPDO-2 8ACBA430
Device \Driver\usbehci \Device\USBPDO-3 8ACBD430
Device \Driver\usbuhci \Device\USBPDO-4 8ACBA430
Device \Driver\usbuhci \Device\USBPDO-5 8ACBA430
Device \Driver\PCI_PNP5400 \Device\00000049 sptd.sys
Device \Driver\PCI_PNP5400 \Device\00000049 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-6 8ACBA430
Device \Driver\Cdrom \Device\CdRom0 8ACC7430
Device \Driver\atapi \Device\Ide\IdePort0 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-14 [B9DE8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8ACC7430
Device \Driver\Cdrom \Device\CdRom2 8ACC7430
Device \Driver\NetBT \Device\NetBt_Wins_Export 8ACA1430
Device \Driver\NetBT \Device\NetbiosSmb 8ACA1430
Device \Driver\usbuhci \Device\USBFDO-0 8ACBA430
Device \Driver\usbuhci \Device\USBFDO-1 8ACBA430
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AC70430
Device \Driver\usbuhci \Device\USBFDO-2 8ACBA430
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AC70430
Device \Driver\usbehci \Device\USBFDO-3 8ACBD430
Device \Driver\usbuhci \Device\USBFDO-4 8ACBA430
Device \Driver\usbuhci \Device\USBFDO-5 8ACBA430
Device \Driver\usbuhci \Device\USBFDO-6 8ACBA430
Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1Port6Path0Target1Lun0 8ACBF430
Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1 8ACBF430
Device \Driver\ayu81ieq \Device\Scsi\ayu81ieq1Port6Path0Target0Lun0 8ACBF430
Device \FileSystem\Fastfat \Fat 8A0341F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89EFC1F8

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [1916] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xD5 0xD3 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xFE 0xDC 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x2C 0x1E 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x20 0x66 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0x74 0x33 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0xD5 0xD3 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xFE 0xDC 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x2C 0x1E 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE1 0x20 0x66 0x5C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7D 0x74 0x33 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@9E6XYH0W0DYH3C2EMRAC C:\iduhsfuisdf\28ED27230B7.exe /q

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\iduhsfuisdf 0 bytes
File C:\iduhsfuisdf\28ED27230B7.exe 240128 bytes executable
File C:\iduhsfuisdf\4FFD086BCE06AB4 78674 bytes

---- EOF - GMER 1.0.15 ----
 
===
DDS

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Lennart de Groot at 13:44:33 on 2011-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2124 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
F:\games\steam\steam.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Steam] "f:\games\steam\steam.exe" -silent
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [Grid] "c:\program files\ati technologies\hydravision\HydraGrd.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [8F6X5AZYZI4D5CZIRBQOCJIUI] c:\sadoahskudh\sadoahskudh.exe /q
uRun: [9D6UWFXE7G3B9C5XVFXSSCNBM] c:\sdjafsdjfsd\279A3E880B7.exe /q
uRun: [9D6UWFXE7G3B9C5XVFXSSCNBM] c:\sdjafsdjfsd\279A3E880B7.exe /q
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [Razer Naga Driver] c:\program files\razer\naga\RazerNagaSysTray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\atitra~1.lnk - c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.exe
StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\lennar~1\menust~1\progra~1\opstar~1\openof~2.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AF794023-DC67-4F2E-BBC0-AB05A411DDDF} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.1.1 spynettest.microsoft.com
Hosts: 127.0.1.1 spynet2.microsoft.com
Hosts: 127.0.1.1 mpa.one.microsoft.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lennart de groot\application data\mozilla\firefox\profiles\x60z6gy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
FF - plugin: c:\documents and settings\lennart de groot\application data\mozilla\firefox\profiles\x60z6gy6.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 atitray;atitray;c:\program files\radeon omega drivers\v4.8.442\ati tray tools\atitray.sys [2010-4-12 17952]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl25b5d496;MpKsl25b5d496;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\MpKsl25b5d496.sys [2011-6-18 28752]
R1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fdb8b8d-373e-4b57-8872-6ecb23bc3077}\mpkslf962e264.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6fdb8b8d-373e-4b57-8872-6ecb23bc3077}\MpKslf962e264.sys [?]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-9-7 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-7-10 20328]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-2-11 10448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 366640]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-4-12 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 22712]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [2011-2-23 103424]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e8591ee-4fd2-4067-b6c1-c3560203ff35}\mpksl08cddf9a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e8591ee-4fd2-4067-b6c1-c3560203ff35}\MpKsl08cddf9a.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-4-12 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-6 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-3-6 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-4-11 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-4-11 11088]
S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [2010-4-11 8832]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\a-ff find and mount\slicedisk.sys --> c:\program files\a-ff find and mount\slicedisk.sys [?]
.
=============== File Associations ===============
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-06-18 11:27:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 11:22:26 54016 ----a-w- c:\windows\system32\drivers\anuwar.sys
2011-06-18 09:52:45 -------- d-----w- c:\documents and settings\lennart de groot\application data\Malwarebytes
2011-06-18 09:52:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 09:52:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-18 09:50:59 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 09:50:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 08:37:00 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\MpKsl25b5d496.sys
2011-06-18 08:36:35 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a051bf8-968f-4308-8b02-a249d09807bf}\mpengine.dll
2011-06-11 07:49:45 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-10 08:16:56 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-10 08:16:45 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-10 08:16:21 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-10 08:15:40 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-10 08:01:43 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-10 08:01:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-10 08:01:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-10 08:01:16 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-06-10 08:01:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-06-10 08:01:15 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-06-10 08:01:15 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-06-10 08:01:14 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-06-10 08:01:14 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-06-10 08:01:13 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-06-10 08:00:58 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-10 07:59:50 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-10 07:59:43 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-10 07:58:58 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-10 07:57:04 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-10 07:53:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-10 07:53:12 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-10 07:53:12 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-10 07:51:17 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-10 07:50:19 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-10 07:19:04 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-10 07:17:47 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2011-06-10 07:17:45 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
2011-06-10 07:17:45 -------- d-----w- c:\windows\system32\PreInstall
2011-06-10 07:16:57 -------- d--h--w- c:\windows\$hf_mig$
2011-06-10 07:16:36 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-06-09 12:21:18 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2011-06-09 12:21:16 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2011-06-09 12:21:15 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2011-06-09 12:21:15 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2011-06-09 12:21:14 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2011-06-09 12:21:11 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2011-06-09 12:04:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-09 12:01:49 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-06-09 12:01:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-09 11:31:06 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-06-09 11:25:51 -------- d-----w- c:\documents and settings\lennart de groot\application data\AVG10
2011-06-09 11:23:49 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-06-09 11:16:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-06-07 13:53:43 -------- d-----w- c:\documents and settings\all users\application data\Solidshield
2011-06-07 13:51:35 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2011-06-07 13:51:35 -------- d-----w- c:\documents and settings\all users\application data\EA Core
2011-05-30 14:47:54 -------- d-----w- c:\documents and settings\lennart de groot\local settings\application data\Ubisoft Game Launcher
2011-05-21 15:51:32 -------- d-----w- c:\documents and settings\lennart de groot\local settings\application data\The Witcher 2
.
==================== Find3M ====================
.
2011-06-18 11:27:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 20:16:26 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-25 20:16:18 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-25 20:16:18 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 20:11:26 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 21:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-02-16 22:51:50 728858 ----a-w- c:\program files\common files\unins000.exe
2008-03-09 06:25:10 236 ----a-w- c:\program files\common files\dx.reg
.
============= FINISH: 13:44:54,59 ===============

===
Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10-4-2010 21:44:53
System Uptime: 18-6-2011 10:25:24 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q
Processor: Intel Pentium III Xeon-processor | LGA 775 | 2999/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 40,415 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 195 GiB total, 79,375 GiB free.
F: is FIXED (NTFS) - 273 GiB total, 55,725 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet-controller
Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
Manufacturer:
Name: Ethernet-controller
PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB-controller
Device ID: PCI\VEN_8086&DEV_3A3A&SUBSYS_82D41043&REV_00\3&11583659&0&EF
Manufacturer:
Name: USB-controller
PNP Device ID: PCI\VEN_8086&DEV_3A3A&SUBSYS_82D41043&REV_00\3&11583659&0&EF
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM-buscontroller
Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_82D41043&REV_00\3&11583659&0&FB
Manufacturer:
Name: SM-buscontroller
PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_82D41043&REV_00\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP38: 1-5-2010 19:00:16 - Installed Adobe Reader 9.3 - Nederlands.
RP39: 6-5-2010 10:32:50 - Avg Update
RP40: 12-5-2010 14:57:25 - Installed Supreme Commander (TM)
RP41: 12-5-2010 14:57:38 - DirectX is geïnstalleerd.
RP42: 15-5-2010 19:39:06 - Installed Far Cry 2
RP43: 15-5-2010 19:46:29 - Geïnstalleerd: Microsoft Visual C++ 2005 Redistributable
RP44: 15-5-2010 19:46:37 - DirectX is geïnstalleerd.
RP45: 15-5-2010 20:04:48 - SPTD setup V1.58
RP46: 15-5-2010 20:45:41 - Installed Command & Conquer The First Decade
RP47: 16-5-2010 0:15:21 - Installed Command & Conquer The First Decade
RP48: 25-5-2010 14:06:11 - Installed LG PC Suite II
RP49: 25-5-2010 14:07:11 - Geïnstalleerd LG USB Modem driver
RP50: 3-6-2010 8:50:34 - Avg Update
RP51: 24-6-2010 19:17:17 - Verwijderd: OpenOffice.org 2.3
RP52: 24-6-2010 19:18:13 - Geïnstalleerd: OpenOffice.org 3.2
RP53: 30-6-2010 14:23:43 - Avg Update
RP54: 9-7-2010 13:56:39 - Installed Java(TM) 6 Update 20
RP55: 17-7-2010 9:13:25 - Avg Update
RP56: 17-7-2010 9:14:07 - Avg Update
RP57: 21-7-2010 10:28:07 - Avg Update
RP58: 2-8-2010 19:02:59 - Installed Java(TM) 6 Update 21
RP59: 23-9-2010 9:28:55 - Avg Update
RP60: 23-9-2010 9:29:27 - Avg Update
RP61: 5-10-2010 10:05:08 - Avg Update
RP62: 17-10-2010 23:15:24 - Installed Quake Live Mozilla Plugin
RP63: 27-10-2010 11:25:33 - Avg Update
RP64: 4-11-2010 19:00:56 - Installed Samsung Media Studio 5
RP65: 10-11-2010 10:38:06 - Avg Update
RP66: 10-11-2010 10:38:22 - Avg Update
RP67: 25-11-2010 11:14:59 - Avg Update
RP68: 25-11-2010 11:15:27 - Avg Update
RP69: 30-11-2010 12:26:38 - Installed Tom Clancy's Splinter Cell Conviction
RP70: 30-11-2010 12:41:43 - DirectX is geïnstalleerd.
RP71: 30-11-2010 12:42:41 - Installed Ubisoft Game Launcher
RP72: 7-12-2010 17:50:26 - SPTD setup V1.74
RP73: 7-12-2010 20:10:52 - Windows XP KB942288-v3 is geïnstalleerd.
RP74: 7-12-2010 21:23:06 - Nero Multimedia Suite 10 geïnstalleerd.
RP75: 10-12-2010 17:37:50 - DirectX is geïnstalleerd.
RP76: 24-12-2010 23:39:05 - DirectX is geïnstalleerd.
RP77: 27-12-2010 1:20:20 - DirectX is geïnstalleerd.
RP78: 29-1-2011 13:15:18 - Installed Half-Life(R) 2
RP79: 6-2-2011 0:34:31 - DirectX is geïnstalleerd.
RP80: 6-2-2011 0:35:47 - Installed Duty Calls.
RP81: 9-2-2011 16:32:43 - Installed MagicTune Premium
RP82: 11-2-2011 14:13:29 - Removed MagicTune Premium
RP83: 11-2-2011 14:15:08 - Installed MagicTune Premium
RP84: 11-2-2011 14:25:13 - Removed MagicTune Premium
RP85: 11-2-2011 14:26:52 - Installed MagicTune Premium
RP86: 16-2-2011 23:20:03 - DirectX is geïnstalleerd.
RP87: 16-2-2011 23:33:53 - DirectX is geïnstalleerd.
RP88: 18-2-2011 12:54:51 - DirectX is geïnstalleerd.
RP89: 20-2-2011 15:17:37 - DirectX is geïnstalleerd.
RP90: 20-2-2011 23:40:35 - DirectX is geïnstalleerd.
RP91: 23-2-2011 13:15:46 - DirectX is geïnstalleerd.
RP92: 23-2-2011 15:35:16 - Installed Razer Naga.
RP93: 25-2-2011 21:58:37 - Removed Duty Calls.
RP94: 26-2-2011 0:47:08 - DirectX is geïnstalleerd.
RP95: 26-2-2011 0:47:30 - Installed NVIDIA PhysX
RP96: 26-2-2011 0:48:35 - DirectX is geïnstalleerd.
RP97: 26-2-2011 0:54:35 - Installed Windows Live ID Sign-in Assistant
RP98: 26-2-2011 0:54:44 - Installed Microsoft Games for Windows - LIVE Redistributable
RP99: 3-3-2011 16:49:44 - Installed Windows Media Format Runtime
RP100: 3-3-2011 18:32:29 - Geïnstalleerd: iTunes
RP101: 3-3-2011 18:40:20 - Verwijderd: Apple Mobile Device Support
RP102: 3-3-2011 18:42:19 - Removed Apple Application Support
RP103: 3-3-2011 18:52:42 - Verwijderd: Apple Software Update
RP104: 3-3-2011 18:53:04 - Verwijderd: iTunes
RP105: 3-3-2011 19:04:31 - Nero Multimedia Suite 10 verwijderd.
RP106: 3-3-2011 19:46:13 - Removed LG PC Suite II
RP107: 3-3-2011 19:46:46 - Verwijderd LG USB Modem driver
RP108: 3-3-2011 20:35:35 - Removed Half-Life(R) 2
RP109: 4-3-2011 8:31:44 - Printerstuurprogramma Microsoft XPS Document W is geïnstalleerd
RP110: 5-3-2011 22:04:21 - DirectX is geïnstalleerd.
RP111: 5-3-2011 22:28:32 - DirectX is geïnstalleerd.
RP112: 5-3-2011 22:29:19 - Installed Windows Media Format Runtime
RP113: 6-3-2011 11:51:30 - DirectX is geïnstalleerd.
RP114: 8-3-2011 13:49:36 - DirectX is geïnstalleerd.
RP115: 10-3-2011 0:15:16 - DirectX is geïnstalleerd.
RP116: 14-3-2011 16:12:10 - Avg Update
RP117: 14-3-2011 16:12:53 - Avg Update
RP118: 29-3-2011 13:13:38 - DirectX is geïnstalleerd.
RP119: 10-4-2011 19:53:51 - Geïnstalleerd Mumble 1.2.3
RP120: 6-5-2011 10:14:36 - Avg Update
RP121: 10-5-2011 10:14:46 - Avg Update
RP122: 12-5-2011 10:06:11 - Avg Update
RP123: 21-5-2011 17:22:39 - Installed The Witcher 2
RP124: 30-5-2011 16:42:33 - DirectX is geïnstalleerd.
RP125: 30-5-2011 16:43:26 - Configured Ubisoft Game Launcher
RP126: 3-6-2011 10:56:02 - DirectX is geïnstalleerd.
RP127: 7-6-2011 14:59:44 - Installed ProductName from default.wxl
RP128: 9-6-2011 13:21:56 - Geïnstalleerd AVG 2011
RP129: 9-6-2011 13:23:14 - Removed AVG Free 9.0
RP130: 9-6-2011 13:23:36 - Geïnstalleerd AVG 2011
RP131: 9-6-2011 13:48:50 - Verwijderd AVG 2011
RP132: 9-6-2011 13:49:39 - Verwijderd AVG 2011
RP133: 9-6-2011 14:04:42 - Software Distribution Service 3.0
RP134: 9-6-2011 14:09:54 - Verwijderd: Bonjour
RP135: 9-6-2011 14:12:54 - Removed Command & Conquer™ 4 Tiberian Twilight
RP136: 9-6-2011 14:14:08 - Removed Dragon Age II
RP137: 9-6-2011 14:15:10 - Removed Far Cry 2
RP138: 9-6-2011 14:16:23 - Removed GPGNet
RP139: 9-6-2011 14:17:03 - Removed MagicTune Premium
RP140: 9-6-2011 14:27:02 - Removed Quake Live Mozilla Plugin
RP141: 9-6-2011 14:29:10 - Removed Supreme Commander (TM)
RP142: 9-6-2011 14:56:10 - Removed LightScribe System Software.
RP143: 10-6-2011 9:16:34 - Software Distribution Service 3.0
RP144: 11-6-2011 9:20:23 - Software Distribution Service 3.0
RP145: 11-6-2011 9:49:15 - Software Distribution Service 3.0
RP146: 1-1-2002 7:40:58 - Software Distribution Service 3.0
RP147: 15-6-2011 8:16:21 - Software Distribution Service 3.0
RP148: 16-6-2011 9:37:10 - Software Distribution Service 3.0
RP149: 17-6-2011 10:22:00 - Software Distribution Service 3.0
RP150: 18-6-2011 10:36:30 - Software Distribution Service 3.0
RP151: 18-6-2011 13:18:56 - Removed Adobe Reader 9.3 - Nederlands.
RP152: 18-6-2011 13:20:26 - Removed Java(TM) 6 Update 21
RP153: 18-6-2011 13:23:28 - Removed Java(TM) 6 Update 21
RP154: 18-6-2011 13:27:19 - Installed Java(TM) 6 Update 26
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2007
Aangifte inkomstenbelasting 2008
Aangifte inkomstenbelasting 2009
ABC Amber ePub Converter
ABC Amber LIT Converter
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Akamai NetSession Interface
AMD APP SDK Runtime
Application Profiles
Assassin's Creed
Assassin's Creed II
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI MCE Encoder
ATI Problem Report Wizard
µTorrent
Battlefield: Bad Company™ 2
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Media Player (KB2378111)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player (KB954155)
Beveiligingsupdate voor Windows Media Player (KB973540)
Beveiligingsupdate voor Windows Media Player (KB975558)
Beveiligingsupdate voor Windows Media Player (KB978695)
Beveiligingsupdate voor Windows XP (KB2079403)
Beveiligingsupdate voor Windows XP (KB2115168)
Beveiligingsupdate voor Windows XP (KB2121546)
Beveiligingsupdate voor Windows XP (KB2229593)
Beveiligingsupdate voor Windows XP (KB2296011)
Beveiligingsupdate voor Windows XP (KB2347290)
Beveiligingsupdate voor Windows XP (KB2360937)
Beveiligingsupdate voor Windows XP (KB2387149)
Beveiligingsupdate voor Windows XP (KB2393802)
Beveiligingsupdate voor Windows XP (KB2412687)
Beveiligingsupdate voor Windows XP (KB2419632)
Beveiligingsupdate voor Windows XP (KB2423089)
Beveiligingsupdate voor Windows XP (KB2440591)
Beveiligingsupdate voor Windows XP (KB2443105)
Beveiligingsupdate voor Windows XP (KB2476687)
Beveiligingsupdate voor Windows XP (KB2478960)
Beveiligingsupdate voor Windows XP (KB2478971)
Beveiligingsupdate voor Windows XP (KB2479943)
Beveiligingsupdate voor Windows XP (KB2481109)
Beveiligingsupdate voor Windows XP (KB2483185)
Beveiligingsupdate voor Windows XP (KB2485663)
Beveiligingsupdate voor Windows XP (KB2497640)
Beveiligingsupdate voor Windows XP (KB2503658)
Beveiligingsupdate voor Windows XP (KB2506212)
Beveiligingsupdate voor Windows XP (KB2506223)
Beveiligingsupdate voor Windows XP (KB2507618)
Beveiligingsupdate voor Windows XP (KB2508272)
Beveiligingsupdate voor Windows XP (KB2508429)
Beveiligingsupdate voor Windows XP (KB2509553)
Beveiligingsupdate voor Windows XP (KB2510581)
Beveiligingsupdate voor Windows XP (KB2511455)
Beveiligingsupdate voor Windows XP (KB2524375)
Beveiligingsupdate voor Windows XP (KB923561)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB952004)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB956572)
Beveiligingsupdate voor Windows XP (KB956744)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956844)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB959426)
Beveiligingsupdate voor Windows XP (KB960803)
Beveiligingsupdate voor Windows XP (KB960859)
Beveiligingsupdate voor Windows XP (KB961501)
Beveiligingsupdate voor Windows XP (KB969059)
Beveiligingsupdate voor Windows XP (KB971657)
Beveiligingsupdate voor Windows XP (KB972270)
Beveiligingsupdate voor Windows XP (KB973507)
Beveiligingsupdate voor Windows XP (KB973869)
Beveiligingsupdate voor Windows XP (KB973904)
Beveiligingsupdate voor Windows XP (KB974112)
Beveiligingsupdate voor Windows XP (KB974318)
Beveiligingsupdate voor Windows XP (KB974392)
Beveiligingsupdate voor Windows XP (KB974571)
Beveiligingsupdate voor Windows XP (KB975025)
Beveiligingsupdate voor Windows XP (KB975467)
Beveiligingsupdate voor Windows XP (KB975560)
Beveiligingsupdate voor Windows XP (KB975562)
Beveiligingsupdate voor Windows XP (KB975713)
Beveiligingsupdate voor Windows XP (KB977816)
Beveiligingsupdate voor Windows XP (KB977914)
Beveiligingsupdate voor Windows XP (KB978338)
Beveiligingsupdate voor Windows XP (KB978542)
Beveiligingsupdate voor Windows XP (KB978601)
Beveiligingsupdate voor Windows XP (KB978706)
Beveiligingsupdate voor Windows XP (KB979309)
Beveiligingsupdate voor Windows XP (KB979482)
Beveiligingsupdate voor Windows XP (KB979687)
Beveiligingsupdate voor Windows XP (KB980436)
Beveiligingsupdate voor Windows XP (KB981322)
Beveiligingsupdate voor Windows XP (KB981997)
Beveiligingsupdate voor Windows XP (KB982132)
Beveiligingsupdate voor Windows XP (KB982665)
Borderlands
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
ContentSAFER for Wizmax
Core Temp version 0.99.8
CPUID CPU-Z 1.55
Creative Centrale
Creative Software Update
Creative ZEN X-Fi-Gebruikershandleiding
Crysis® 2
DAEMON Tools Toolbar
DirectX10 LV (Last Version)
DirectX10 RC2 Pre Fix 3
DivX Setup
Dragon Age II
Dragon Age: Origins - Ultimate Edition
eReg
Find and Mount 2.3
Fraps (remove only)
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hotfix voor Windows XP (KB2443685)
Hotfix voor Windows XP (KB942288-v3)
Hotfix voor Windows XP (KB952287)
Hotfix voor Windows XP (KB961118)
HydraVision
IconPackager
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 26
Logitech GamePanel Software 3.04.137
Malwarebytes' Anti-Malware versie 1.51.0.1200
Mass Effect
Mass Effect 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.17)
MSXML 6.0 Parser (KB925673)
MultiRes (remove only)
Mumble 1.2.3
MyFreeCodec
Notepad++
NVIDIA PhysX
OpenAL
OpenOffice.org 3.2
PCI Audio Driver
Philips Songbird
PunkBuster Services
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Razer Naga
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Red Faction II
Red Faction: Guerrilla
Riva FLV Encoder 2.0
Samsung Media Studio 5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
StarCraft II
Supreme Commander 2
Switch Sound File Converter
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
TeamSpeak 3 Client
The Witcher 2
Tom Clancy's Rainbow Six: Vegas 2
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell: Double Agent
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows XP (KB898461)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955759)
Update voor Windows XP (KB968389)
Update voor Windows XP (KB971029)
Update voor Windows XP (KB973687)
Update voor Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Verzoek of wijziging voorlopige aanslag 2009
VLC media player 1.0.5
Warhammer® 40,000™: Dawn of War® II
WebFldrs XP
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (NLD)
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Xvid Video Codec
ZEN V Series Media Explorer
.
==== End Of File ===========================
 
Right, that's everything. Sorry for the huge pile of posts, had to copy, cut and paste to get posts as close as possible to the 50K limit.

MBAM keeps blocking remote access (Or rather, my PC is trying to contact an outside IP), happens every 15 minutes or so. I can note down the IP if needed. Thanks in advance for any help.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
aswMBR file;

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-18 21:13:34
-----------------------------
21:13:34.140 OS Version: Windows 5.1.2600 Service Pack 3
21:13:34.140 Number of processors: 2 586 0x170A
21:13:34.140 ComputerName: LENNART UserName:
21:13:35.078 Initialize success
21:13:43.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-14
21:13:43.500 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01108 Size: 610480MB BusType: 3
21:13:43.500 Disk 0 MBR read error 0
21:13:43.515 Disk 0 MBR scan
21:13:43.515 Disk 0 unknown MBR code
21:13:43.515 MBR BIOS signature not found 0
21:13:43.515 Disk 0 scanning sectors +1250258624
21:13:43.515 Disk 0 scanning C:\WINDOWS\system32\drivers
21:13:46.171 Service scanning
21:13:47.453 Disk 0 trace - called modules:
21:13:47.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8acc85f0]<<
21:13:47.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae52ab8]
21:13:47.453 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8aefc198]
21:13:47.468 5 ACPI.sys[b9e53620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-14[0x8ae55d98]
21:13:47.796 Scan finished successfully
21:14:07.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lennart de Groot\MBR.dat"
21:14:07.890 The log file has been saved successfully to "C:\Documents and Settings\Lennart de Groot\aswMBR.txt"
21:17:06.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat"
21:17:06.281 The log file has been saved successfully to "C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.txt"

============

Rootkit Unhooker


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB95DA000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6868992 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xACD35000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6168576 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF25F000 C:\WINDOWS\System32\ati3duag.dll 4018176 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF9C6000 C:\WINDOWS\System32\ativvaxx.dll 3268608 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, NT-kernel & -systeem)
0x804D7000 PnpManager 2158592 bytes
0x804D7000 RAW 2158592 bytes
0x804D7000 WMIxWDM 2158592 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32-stuurprogramma)
0xB9E94000 PCI_PNP5400 1126400 bytes
0xB9E94000 sptd.sys 1126400 bytes
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 851968 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF130000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9CF6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF1DF000 C:\WINDOWS\System32\atiok3x2.dll 524288 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xAC9C3000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xACA87000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB93A1000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xACC32000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9F06000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes
0xA8A4B000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF634000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8497000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB951F000 C:\WINDOWS\System32\Drivers\ayu81ieq.SYS 229376 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB93FF000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E4D000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-stuurprogramma voor NT)
0xA8BBB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CC9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA5776000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACAF7000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB959E000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xACC0A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xACCBE000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9DF7000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT-schijfbeheer I/O-stuurprogramma)
0xACBE4000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8EDD000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAD317000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB957A000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9557000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8618000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xACBC2000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E6000 ACPI_HAL 134400 bytes
0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DBF000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E1D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-schijfstuurprogramma)
0xAD33B000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0xB9CAF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xACA34000 C:\WINDOWS\system32\DRIVERS\RzSynapse.sys 106496 bytes (Razer USA Ltd, Razer Synapse Engine)
0xA55F5000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\uxrdapob.sys 102400 bytes
0xB9DDF000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAC9AB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E7C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D96000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9508000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9929000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB95C6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACC8B000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9D83000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA9F5F000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DAD000 sr.sys 73728 bytes (Microsoft Corporation, Stuurprogramma voor systeemherstel)
0xB9E3C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug en Play PCI-enumerator)
0xB942F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xACA4E000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xA9081000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA288000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2A8000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2B8000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Stuurprogramma voor serieel apparaat)
0xBA1F8000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA188000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA298000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter-stuurprogramma)
0xA9C0E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA248000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA198000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy-stuurprogramma)
0xB94F8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2C8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA2E8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA81F7000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\aswMBR.sys 45056 bytes
0xBA208000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Cryptografisch FIPS-stuurprogramma)
0xBA278000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2D8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA258000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorstuurprogramm)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, Stuurprogramma voor PNP ISA-bus)
0xBA318000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA308000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA82EF000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA268000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xA8883000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA2F8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1D8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA1C8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA340000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3C8000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA480000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA448000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Stuurprogramma voor verschillende toetsenbordtypen)
0xBA4B0000 C:\DOCUME~1\LENNAR~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3B8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA450000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Stuurprogramma voor muistypen)
0xBA3F8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A051BF8-968F-4308-8B02-A249D09807BF}\MpKsl25b5d496.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA4A8000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys 24576 bytes
0xBA3E8000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA3A0000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA468000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA438000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA440000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3C0000 C:\WINDOWS\System32\DRIVERS\RTL8029.SYS 20480 bytes (Realtek Semiconductor Corporation, NDIS 5.0 driver)
0xBA430000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA380000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA544000 C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys 16384 bytes
0xA8E71000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows (R) Win 7 DDK provider, CPUID Driver)
0xACD0D000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Stuurprogramma voor HID-muisfilter)
0xBA5A0000 C:\WINDOWS\system32\drivers\LGBusEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0xA8F51000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA59C000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9CC6000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA570000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACD05000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xACD19000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xACD15000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Stuurprogramma voor HID-muisfilter)
0xBA580000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9389000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5F4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E8000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5BE000 C:\WINDOWS\system32\drivers\LGVirHid.sys 8192 bytes (Logitech Inc., Logitech GamePanel Virtual Hid Device Driver)
0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CA000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D6000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7D7000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7C6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA74D000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xBA712000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus-stuurprogramma)
0x8AEFE1F8 unknown_irp_handler 3592 bytes
0x8A0341F8 unknown_irp_handler 3592 bytes
0x8A59F1F8 unknown_irp_handler 3592 bytes
0x89EFC1F8 unknown_irp_handler 3592 bytes
0x8ACBA430 unknown_irp_handler 3024 bytes
0x8ACBF430 unknown_irp_handler 3024 bytes
0x8ACA1430 unknown_irp_handler 3024 bytes
0x8ACC7430 unknown_irp_handler 3024 bytes
0x8ACBD430 unknown_irp_handler 3024 bytes
0x8AC70430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
0x8A549AFE Unknown page with executable code, 1282 bytes
0x8A557AC4 Unknown page with executable code, 1340 bytes
0x8A54A54E Unknown page with executable code, 2738 bytes
0x8A54B502 Unknown page with executable code, 2814 bytes
0x8A54A33B Unknown page with executable code, 3269 bytes
0x8A535E9A Unknown page with executable code, 358 bytes
0x8A515194 Unknown page with executable code, 3692 bytes
0x8A53605F Unknown page with executable code, 4001 bytes
0x8A54CDAE Unknown page with executable code, 594 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Right, had some trouble with this step. I downloaded ComboFix, shut down Anti-Virus and Malware apps and closed all remaining apps including FireFox. Double-clicked, allowed ComboFix to update itself as described.

Prompt appeared where it stated that it was creating a recovery point. After this happened the PC went into a blue screen (Didn't look like a BSOD), stating a hardware issue arose and if the problem persisted I was to boot into safe mode.

PC rebooted, I checked for the ComboFix.txt file, yet nothing there. Let ComboFix run again, now it started scanning, finished and stated it was creating a log file. Explorer.exe error appeared and nothing happened for several minutes. After that I rebooted manually, ran ComboFix for the final time (At this point I was doubting as to whether I should run it in safe mode, as technically the app runs). It scanned, created a log and finished.

My quote button works fine again (It double-quoted for whatever reason), some settings have changed (The way explorer looks, etc) and FireFox wasn't default browser anymore (Which I believe is normal).

As stated in the guide, I didn't touch the ComboFix screen unless prompted, didn't open my browser, just left the PC alone.

ComboFix Textlog below


ComboFix 11-06-17.04 - Lennart de Groot 18-06-2011 22:32:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2609 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\OpenOffice.org 2.3 .lnk
c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk
c:\windows\system32\muzapp.exe
E:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
.
.
2011-06-18 20:28 . 2011-06-18 20:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-18 20:28 . 2011-06-18 20:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-18 20:28 . 2011-06-18 20:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-18 20:28 . 2011-06-18 20:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-18 20:28 . 2011-06-18 20:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-18 20:28 . 2011-06-18 20:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-18 20:28 . 2011-06-18 20:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-18 20:28 . 2011-06-18 20:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-18 20:28 . 2011-06-18 20:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-18 20:28 . 2011-06-18 20:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-18 20:28 . 2011-06-18 20:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-18 20:28 . 2011-06-18 20:28 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-18 20:27 . 2011-06-18 20:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-18 20:27 . 2011-06-18 20:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-18 20:27 . 2011-06-18 20:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-18 20:27 . 2011-06-18 20:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-18 20:27 . 2011-06-18 20:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-18 08:36 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A051BF8-968F-4308-8B02-A249D09807BF}\mpengine.dll
2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"9D6UWFXE7G3B9C5XVFXSSCNBM"="c:\sdjafsdjfsd\279A3E880B7.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
"f:\\Games\\Steam\\steam.exe"=
"f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Mumble\\mumble.exe"=
"c:\\Program Files\\Mumble\\mumble11x.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WoW Downloader 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25565:TCP"= 25565:TCP:Minecraft
"25566:TCP"= 25566:TCP:Minecraft2
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1410:TCP"= 1410:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
S3 BlackBox;BlackBox SR2; [x]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- Bestandsassociaties -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-8F6X5AZYZI4D5CZIRBQOCJIUI - c:\sadoahskudh\sadoahskudh.exe
HKCU-Run-9D6UWFXE7G3B9C5XVFXSSCNBM - c:\sdjafsdjfsd\279A3E880B7.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-2kv4.8.442 - c:\windows\Radeon Omega Drivers v4.8.442
AddRemove-Switch - c:\program files\NCH Swift Sound\Switch\uninst.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 22:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
9E6XYH0W0DYH3C2EMRAC = c:\iduhsfuisdf\28ED27230B7.exe /q
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9E6XYH0W0DYH3C2EMRAC"="c:\\iduhsfuisdf\\28ED27230B7.exe /q"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
"rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1636)
c:\program files\ATI Technologies\HydraVision\HydraGH.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
.
Voltooingstijd: 2011-06-18 22:37:57
ComboFix-quarantined-files.txt 2011-06-18 20:37
.
Pre-Run: 46.408.261.632 bytes beschikbaar
Post-Run: 46.362.284.032 bytes beschikbaar
.
- - End Of File - - FC96521BD99A8BEB9C767BE817A498B2
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys


Folder::
c:\sdjafsdjfsd

Driver::
xcpip
xpsec
BlackBox


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9D6UWFXE7G3B9C5XVFXSSCNBM"=-
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
9E6XYH0W0DYH3C2EMRAC =-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
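
The CFScript in the post above removes Run values that stand out in the log by name and path. As an added example (not part of the original thread, and not ComboFix's own logic), the Python below triages autostart lines copied from the log using three heuristic signals; the function names, the signals and the threshold are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from ntpath import dirname, splitdrive  # Windows path rules, usable on any OS
from typing import List, Optional

# Autostart lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"9D6UWFXE7G3B9C5XVFXSSCNBM"="c:\sdjafsdjfsd\279A3E880B7.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9E6XYH0W0DYH3C2EMRAC"="c:\\iduhsfuisdf\\28ED27230B7.exe /q"
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
FILE_META_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')  # e.g. "2011-02-25 1242448"
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|cmd))(?:\s|$)', re.IGNORECASE)
# Long value name made only of upper-case letters and digits, containing both.
RANDOM_NAME_RE = re.compile(r'^(?=.*[A-Z])(?=.*\d)[A-Z0-9]{16,}$')


@dataclass
class RunEntry:
    key: str
    name: str
    executable: str
    meta: Optional[str]
    signals: List[str] = field(default_factory=list)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect "name"="command" lines that sit under a ...\\CurrentVersion\\Run key."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            is_run = key.lower().endswith(r'\currentversion\run')
            current_key = key if is_run else None
            continue
        value = VALUE_RE.match(line)
        if not (current_key and value):
            continue
        # Some sections print .reg-style doubled backslashes; normalise them.
        data = value.group('data').replace('\\\\', '\\')
        exe = EXE_RE.match(data)  # drop trailing arguments such as "/q"
        entries.append(RunEntry(current_key, value.group('name'),
                                exe.group(1) if exe else data,
                                value.group('meta')))
    return entries


def score(entry: RunEntry) -> List[str]:
    """Return the heuristic signals (assumed, not authoritative) that apply."""
    signals = []
    if RANDOM_NAME_RE.match(entry.name):
        signals.append('random_value_name')
    _, tail = splitdrive(dirname(entry.executable))
    if len(tail) > 1 and tail.count('\\') == 1:  # e.g. c:\<dir>\file.exe
        signals.append('root_level_dir')
    if not (entry.meta and FILE_META_RE.match(entry.meta)):
        signals.append('no_file_metadata')  # log shows no date/size for the file
    return signals


def triage(entries: List[RunEntry], threshold: int = 2) -> List[RunEntry]:
    """Flag entries with at least `threshold` signals; one signal alone is weak."""
    flagged = []
    for entry in entries:
        entry.signals = score(entry)
        if len(entry.signals) >= threshold:
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage(parse_run_entries(SAMPLE_LOG)):
        print(f'{e.name} -> {e.executable} ({", ".join(e.signals)})')
```

A flagged entry is a lead for manual review of the file and its folder, not a verdict; legitimate software occasionally installs into a root-level directory as well.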
 
ComboFix 11-06-17.04 - Lennart de Groot 18-06-2011 23:39:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2511 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Lennart de Groot\Bureaublad\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\xcpip.sys"
"c:\windows\system32\drivers\xpsec.sys"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\sdjafsdjfsd
c:\sdjafsdjfsd\857C612CCE06AB4
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BLACKBOX
-------\Service_BlackBox
-------\Service_xcpip
-------\Service_xpsec
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
.
.
2011-06-18 20:47 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\mpengine.dll
2011-06-18 20:28 . 2011-06-18 20:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-18 20:28 . 2011-06-18 20:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-18 20:28 . 2011-06-18 20:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-18 20:28 . 2011-06-18 20:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-18 20:28 . 2011-06-18 20:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-18 20:28 . 2011-06-18 20:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-18 20:28 . 2011-06-18 20:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-18 20:28 . 2011-06-18 20:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-18 20:28 . 2011-06-18 20:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-18 20:28 . 2011-06-18 20:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-18 20:28 . 2011-06-18 20:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-18 20:28 . 2011-06-18 20:28 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-18 20:27 . 2011-06-18 20:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-18 20:27 . 2011-06-18 20:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-18 20:27 . 2011-06-18 20:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-18 20:27 . 2011-06-18 20:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-18 20:27 . 2011-06-18 20:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-18_20.36.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_f58.dat
+ 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
"f:\\Games\\Steam\\steam.exe"=
"f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Mumble\\mumble.exe"=
"c:\\Program Files\\Mumble\\mumble11x.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WoW Downloader 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25565:TCP"= 25565:TCP:Minecraft
"25566:TCP"= 25566:TCP:Minecraft2
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
S1 MpKsl3f8316a1;MpKsl3f8316a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys [?]
S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 23:45
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
9E6XYH0W0DYH3C2EMRAC = c:\iduhsfuisdf\28ED27230B7.exe /q
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9E6XYH0W0DYH3C2EMRAC"="c:\\iduhsfuisdf\\28ED27230B7.exe /q"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
"rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(420)
c:\program files\ATI Technologies\HydraVision\HydraGH.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Mixer.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-18 23:46:29 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-18 21:46
ComboFix2.txt 2011-06-18 20:37
.
Pre-Run: 46.353.330.176 bytes beschikbaar
Post-Run: 46.269.267.968 bytes beschikbaar
.
- - End Of File - - A16422EDC3DCEDA2CF8FD0D5F9F3FE24
 
How is the redirection?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
9E6XYH0W0DYH3C2EMRAC =-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9E6XYH0W0DYH3C2EMRAC"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
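
Added example, not part of the thread or of ComboFix: the Run value that the CFScript above deletes appears only in catchme's hidden-autostart section of the log, not in the normal "Reg Opstartpunten" listing, while `ZwEnumerateValueKey` (the ntdll call used to enumerate registry values) is reported as patched. The Python sketch below makes that comparison over a trimmed excerpt of the posted log; the function names and the "machine-generated name" heuristic are assumptions made for illustration.

```python
import re

# Trimmed excerpt of the ComboFix log posted earlier in this thread
# (section titles are in Dutch because the tool ran on a Dutch Windows XP).
SAMPLE_LOG = r'''
((((( Reg Opstartpunten )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scannen van verborgen autostart items ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
9E6XYH0W0DYH3C2EMRAC = c:\iduhsfuisdf\28ED27230B7.exe /q
.
scannen van verborgen bestanden ...
'''

HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}


def norm_key(key):
    """Normalise 'HKEY_CURRENT_USER\\...' and 'HKCU\\...' to one lowercase form."""
    hive, _, rest = key.strip().strip("[]").partition("\\")
    return (HIVES.get(hive.upper(), hive.upper()) + "\\" + rest).lower()


def parse_log(text):
    """Return (visible Run values, catchme hidden values, patched ntdll exports)."""
    visible, hidden, hooks = {}, {}, []
    state, key = "visible", None
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("detected NTDLL code modification"):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            hooks = [h.strip() for h in nxt.split(",") if h.strip()]
        elif line.startswith("scannen van verborgen autostart"):
            state, key = "hidden", None      # catchme: hidden autostart items
        elif line.startswith("scannen van verborgen bestanden"):
            state, key = "done", None        # catchme: hidden files, not parsed here
        elif state == "visible":
            m = re.match(r'^\[(.+)\]$', line)
            if m:
                key = norm_key(m.group(1))
                continue
            m = re.match(r'^"(.+?)"="(.*?)"', line)
            if m and key:
                visible[(key, m.group(1).lower())] = m.group(2)
        elif state == "hidden":
            if re.match(r'^HK\w+\\', line):
                key = norm_key(line)
                continue
            m = re.match(r'^(\S+)\s*=\s*(.+)$', line)
            if m and key:
                hidden[(key, m.group(1).lower())] = (m.group(1), m.group(2))
    return visible, hidden, hooks


def looks_random(name):
    """Heuristic (assumption): 16+ chars, only A-Z/0-9, mixing letters and digits."""
    return bool(re.fullmatch(r'[A-Z0-9]{16,}', name)
                and re.search(r'\d', name) and re.search(r'[A-Z]', name))


def hidden_autostarts(text):
    """List Run values catchme found that the normal listing did not show."""
    visible, hidden, hooks = parse_log(text)
    findings = []
    for (key, lname), (name, command) in hidden.items():
        if (key, lname) in visible:
            continue  # also visible to normal enumeration, so not hidden
        reasons = ["not in the normal Run listing"]
        if "ZwEnumerateValueKey" in hooks:
            reasons.append("ZwEnumerateValueKey is patched in ntdll")
        if looks_random(name):
            reasons.append("value name looks machine-generated")
        findings.append({"key": key, "name": name,
                         "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hidden_autostarts(SAMPLE_LOG):
        print(f["key"], "->", f["name"], "=", f["command"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Running the same comparison on the Combofix.txt produced after the CFScript run shows whether the value is still reported.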
 
ComboFix 11-06-17.04 - Lennart de Groot 19-06-2011 0:16.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2601 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Lennart de Groot\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Lennart de Groot\Bureaublad\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 ))))))))))))))))))))))))))))))
.
.
2011-06-18 21:45 . 2011-06-18 21:45 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-18 21:45 . 2011-06-18 21:45 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-18 21:45 . 2011-06-18 21:45 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-18 21:45 . 2011-06-18 21:45 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-18 21:45 . 2011-06-18 21:45 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-18 21:45 . 2011-06-18 21:45 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-18 21:45 . 2011-06-18 21:45 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-18 21:45 . 2011-06-18 21:45 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-18 21:45 . 2011-06-18 21:45 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-18 21:45 . 2011-06-18 21:45 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-18 21:45 . 2011-06-18 21:45 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-18 21:45 . 2011-06-18 21:45 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-18 21:44 . 2011-06-18 21:44 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-18 21:44 . 2011-06-18 21:44 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-18 21:44 . 2011-06-18 21:44 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-18 21:44 . 2011-06-18 21:44 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-18 21:44 . 2011-06-18 21:44 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-18 20:47 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\mpengine.dll
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Common Files\Java
2011-06-18 11:27 . 2011-06-18 11:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-18 11:27 . 2011-06-18 11:27 -------- d-----w- c:\program files\Java
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-06-18 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-18 09:52 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 09:50 . 2011-06-18 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-18 09:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 07:49 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-10 08:16 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-10 08:16 . 2010-08-23 16:13 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-10 08:16 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-10 08:15 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-10 08:01 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-10 08:01 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-10 08:01 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-10 08:01 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-06-10 08:01 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-06-10 08:01 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-06-10 08:01 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-06-10 08:01 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-06-10 08:01 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-06-10 08:01 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-06-10 08:00 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-10 07:59 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-10 07:59 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-10 07:58 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-10 07:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-10 07:53 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-10 07:53 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-10 07:51 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-10 07:50 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-10 07:19 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-10 07:17 . 2009-12-24 07:05 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2011-06-10 07:17 . 2010-01-13 14:06 87040 -c----w- c:\windows\system32\dllcache\cabview.dll
2011-06-10 07:16 . 2011-06-18 11:48 -------- d--h--w- c:\windows\$hf_mig$
2011-06-10 07:16 . 2010-07-16 11:58 221184 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-06-09 12:21 . 2010-11-09 14:52 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2011-06-09 12:21 . 2010-11-09 14:52 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2011-06-09 12:21 . 2010-11-09 14:52 143360 -c----w- c:\windows\system32\dllcache\msadco.dll
2011-06-09 12:21 . 2010-11-09 14:52 102400 -c----w- c:\windows\system32\dllcache\msjro.dll
2011-06-09 12:21 . 2010-11-09 14:52 180224 -c----w- c:\windows\system32\dllcache\msadomd.dll
2011-06-09 12:21 . 2010-11-09 14:52 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2011-06-09 12:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-09 12:01 . 2011-06-09 12:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-09 11:31 . 2011-06-09 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-06-09 11:25 . 2011-06-09 11:25 -------- d-----w- c:\documents and settings\Lennart de Groot\Application Data\AVG10
2011-06-09 11:23 . 2011-06-09 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-06-09 11:16 . 2011-06-09 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-06-07 13:53 . 2011-06-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-06-07 13:51 . 2011-06-07 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2011-05-30 14:47 . 2011-05-30 14:47 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
2011-05-21 15:51 . 2011-05-21 15:51 -------- d-----w- c:\documents and settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 11:27 . 2010-07-09 11:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-03 08:59 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-03 08:59 . 2009-08-18 10:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 20:16 . 2010-04-12 07:59 140024 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-25 20:16 . 2010-04-12 08:15 280768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-25 20:16 . 2010-04-12 07:58 280768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-25 20:11 . 2010-04-12 07:58 266400 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-04-20 02:41 . 2010-04-10 20:25 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38 . 2010-04-10 21:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29 . 2010-04-10 21:51 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24 . 2010-04-10 21:51 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14 . 2010-04-10 21:51 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04 . 2010-04-10 21:51 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02 . 2010-04-10 20:25 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01 . 2010-04-10 20:25 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55 . 2011-03-09 09:15 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45 . 2010-04-10 20:25 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44 . 2010-04-10 21:51 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44 . 2010-04-10 21:51 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44 . 2010-04-10 21:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43 . 2010-04-10 21:51 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42 . 2010-04-10 21:51 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40 . 2010-04-10 21:51 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36 . 2010-04-10 21:51 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34 . 2010-04-10 21:51 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33 . 2010-04-10 21:51 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30 . 2010-04-10 21:51 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28 . 2010-04-10 20:25 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27 . 2010-04-10 21:51 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26 . 2010-04-10 21:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-02-16 22:51 . 2011-02-16 22:52 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 06:25 . 2011-02-16 22:28 236 ----a-w- c:\program files\Common Files\dx.reg
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-18_20.36.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_f58.dat
+ 2011-06-18 21:44 . 2011-06-18 21:44 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\games\steam\steam.exe" [2011-02-25 1242448]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Grid"="c:\program files\ATI Technologies\HydraVision\HydraGrd.exe" [2010-04-06 385024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-05-30 868352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 357384]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 1573384]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 3203080]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-02-17 953744]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-04-19 380416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Lennart de Groot\Menu Start\Programma's\Opstarten\
ATI Tray Tools.lnk - c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\Launcher.exe"=
"f:\\Games\\Steam\\steam.exe"=
"f:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\gu.exe"=
"f:\\Program Files\\Ubisoft\\Tom Clancy's Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"f:\\Games\\Steam\\SteamApps\\dark_eye_nl\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\borderlands\\Binaries\\Borderlands.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javacpl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\DAOriginsLauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ultimate edition\\bin_ship\\DAOrigins.exe"=
"c:\\Program Files\\Mumble\\mumble.exe"=
"c:\\Program Files\\Mumble\\mumble11x.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDALauncher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\splinter cell - double agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\Program Files\\The Witcher 2\\bin\\witcher2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\call of duty black ops\\BlackOps.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction ii\\Red Faction II.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg_launcher.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\red faction guerrilla\\rfg.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis 2\\bin32\\Crysis2.exe"=
"f:\\Games\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WoW Downloader 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25565:TCP"= 25565:TCP:Minecraft
"25566:TCP"= 25566:TCP:Minecraft2
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2015:TCP"= 2015:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15-5-2010 20:04 436792]
R1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [12-4-2010 16:21 17952]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7-9-2001 14:00 14336]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10-7-2010 21:35 20328]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11-2-2011 15:24 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-6-2011 11:52 366640]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [23-11-2009 17:37 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [12-4-2010 8:44 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-6-2011 11:50 22712]
R3 RzSynapse;Razer Driver;c:\windows\system32\drivers\RzSynapse.sys [23-2-2011 16:35 103424]
S1 MpKsl08cddf9a;MpKsl08cddf9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E8591EE-4FD2-4067-B6C1-C3560203FF35}\MpKsl08cddf9a.sys [?]
S1 MpKsl3f8316a1;MpKsl3f8316a1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3C8D7CA-F673-489F-9574-E4A229964C12}\MpKsl3f8316a1.sys [?]
S1 MpKslf962e264;MpKslf962e264;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FDB8B8D-373E-4B57-8872-6ECB23BC3077}\MpKslf962e264.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12-4-2010 14:08 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [6-10-2010 16:53 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-5-2008 13:42 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [6-3-2011 1:51 25832]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18-6-2011 11:52 39984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [11-4-2010 12:35 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [11-4-2010 12:35 11088]
S3 slicedisk.sys;slicedisk.sys;c:\windows\system32\slicedisk.sys [11-4-2010 22:10 8832]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2002-01-01 21:18]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\documents and settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.volkskrant.nl
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-19 00:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:b2,c1,48,9e,43,18,5a,b2,f6,df,d4,a1,6c,72,ef,d3,a5,27,03,15,7f,
5c,e7,4f,9f,ac,e4,83,77,ae,ef,80,e3,d4,b7,03,2c,9c,77,83,88,74,c0,7c,25,76,\
"rkeysecu"=hex:41,0c,08,e9,f6,31,10,b0,48,85,6f,c2,c7,2d,48,08
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(852)
c:\program files\ATI Technologies\HydraVision\HydraGH.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-06-19 00:20:47
ComboFix-quarantined-files.txt 2011-06-18 22:20
ComboFix2.txt 2011-06-18 21:46
ComboFix3.txt 2011-06-18 20:37
.
Pre-Run: 46.289.944.576 bytes beschikbaar
Post-Run: 46.273.019.904 bytes beschikbaar
.
- - End Of File - - FFA2359C866DA69AF38B6033C98E4577
 
Well done :)

You didn't say:
How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
After having ComboFix run for the first time, redirection went fine. After having it run with the added notepad files, Google redirects to other sites again. It runs smoother though, boots up quicker and some minor things (like the double quote issue) are resolved.


Log;

OTL logfile created on: 19-6-2011 0:34:20 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lennart de Groot\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,33% Memory free
5,09 Gb Paging File | 4,28 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128,00 Gb Total Space | 43,12 Gb Free Space | 33,69% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 195,30 Gb Total Space | 79,38 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
Drive F: | 272,87 Gb Total Space | 55,73 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

Computer Name: LENNART | User Name: Lennart de Groot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-04-30 13:52:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-02-25 22:56:44 | 001,242,448 | ---- | M] (Valve Corporation) -- F:\Games\Steam\steam.exe
PRC - [2010-11-30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010-04-06 19:21:22 | 000,385,024 | ---- | M] () -- C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2009-12-10 10:27:26 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009-12-10 10:25:16 | 003,203,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009-12-10 10:00:42 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009-04-23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-04-14 22:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-30 14:52:32 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007-04-02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2003-03-20 09:21:00 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
MOD - [2010-08-23 18:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-04-06 19:21:12 | 000,241,664 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraGH.dll
MOD - [2009-08-29 18:09:14 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.dll
MOD - [2008-05-15 16:12:33 | 000,065,536 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-06-16 09:12:28 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-03-06 01:51:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008-05-21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007-04-02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-04-20 04:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-12-16 10:23:14 | 000,103,424 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RzSynapse.sys -- (RzSynapse)
DRV - [2010-12-07 18:50:26 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-07-09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-04-07 01:42:12 | 000,095,232 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010-04-06 18:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010-03-18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010-03-18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010-03-18 11:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010-01-27 11:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009-12-21 20:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009-12-21 20:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009-11-23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009-11-23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-11-05 09:55:04 | 000,017,952 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007-05-31 19:13:48 | 000,008,832 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\slicedisk.sys -- (slicedisk.sys)
DRV - [2006-11-10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2002-11-18 10:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001-08-17 22:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) NT-stuurprogramma voor Realtek RTL8029(AS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-616249376-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.volkskrant.nl"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-05-18 19:46:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-18 13:19:02 | 000,000,000 | ---D | M]

[2011-03-03 17:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Extensions
[2011-03-03 17:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2011-06-18 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions
[2011-03-06 10:24:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011-03-06 10:24:30 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011-03-06 10:24:29 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011-06-16 09:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\Access Privileges Test
[2011-03-25 14:31:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\battlefieldplay4free@ea.com
[2011-03-06 10:24:31 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Documents and Settings\Lennart de Groot\Application Data\Mozilla\Firefox\Profiles\x60z6gy6.default\extensions\nasanightlaunch@example.com
[2011-06-18 21:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-09 13:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-06-18 13:27:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-06-18 13:27:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2002-01-01 08:55:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011-06-18 13:27:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-12-10 21:13:35 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010-12-10 21:13:35 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010-12-10 21:13:35 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010-12-10 21:13:35 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010-12-10 21:13:35 | 000,001,106 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-06-18 23:42:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-789336058-616249376-725345543-1003..\Run: [Steam] F:\games\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Opstarten\ATI Tray Tools.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} http://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-10 21:43:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5599091165757440)

========== Files/Folders - Created Within 30 Days ==========

[2011-06-19 00:32:38 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
[2011-06-18 22:00:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011-06-18 21:57:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-06-18 21:57:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-06-18 21:57:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-06-18 21:57:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-06-18 21:57:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-06-18 21:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-06-18 21:52:06 | 004,130,419 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
[2011-06-18 21:13:10 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
[2011-06-18 13:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lennart de Groot\Menu Start\Programma's\Systeembeheer
[2011-06-18 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011-06-18 13:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011-06-18 13:09:55 | 012,557,920 | ---- | C] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
[2011-06-18 11:57:43 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
[2011-06-18 11:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\Malwarebytes
[2011-06-18 11:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2011-06-18 11:52:40 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-06-18 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-06-18 11:50:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-06-18 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-06-18 11:49:37 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
[2011-06-18 11:48:51 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
[2011-06-10 09:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011-06-10 09:16:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011-06-09 14:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011-06-09 14:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-06-09 13:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Nieuwe map
[2011-06-09 13:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011-06-09 13:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
[2011-06-09 13:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-06-09 13:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-06-07 15:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Crysis2
[2011-06-07 15:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-06-07 15:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-05-30 16:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\Ubisoft Game Launcher
[2011-05-24 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\My Cheat Tables
[2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Mijn documenten\Witcher 2
[2011-05-21 17:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\The Witcher 2
[2011-05-21 17:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\The Witcher 2
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-06-19 00:32:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\OTL.exe
[2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011-06-18 23:42:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-06-18 23:42:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011-06-18 21:52:37 | 004,130,419 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\ComboFix.exe
[2011-06-18 21:17:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
[2011-06-18 21:14:28 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
[2011-06-18 21:14:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
[2011-06-18 21:13:11 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\aswMBR.exe
[2011-06-18 13:10:57 | 012,557,920 | ---- | M] (Foxit Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\FoxitReader501.0523_enu_Setup.exe
[2011-06-18 11:58:25 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\spybotsd162.exe
[2011-06-18 11:52:41 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-06-18 11:50:22 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\mbam-setup-1.51.0.1200.exe
[2011-06-18 11:49:40 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Lennart de Groot\Bureaublad\dds.scr
[2011-06-18 11:49:20 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
[2011-06-18 10:15:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-06-15 08:07:56 | 000,499,226 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2011-06-15 08:07:56 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-15 08:07:56 | 000,086,256 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2011-06-15 08:07:56 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-14 21:46:11 | 000,000,322 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
[2011-06-14 21:45:26 | 000,001,287 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
[2011-06-14 21:41:59 | 000,038,284 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
[2011-06-10 11:47:54 | 004,261,556 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
[2011-06-09 14:33:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2011-06-09 14:02:00 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-05-25 22:16:26 | 000,140,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011-05-25 22:16:18 | 000,280,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011-05-25 22:11:26 | 000,266,400 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[20 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-06-18 22:00:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011-06-18 22:00:49 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2011-06-18 21:57:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-06-18 21:57:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-06-18 21:57:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-06-18 21:57:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-06-18 21:57:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-06-18 21:17:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\MBR.dat
[2011-06-18 21:14:25 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\RKUnhookerLE.EXE
[2011-06-18 21:14:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\MBR.dat
[2011-06-18 11:52:41 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[2011-06-18 11:49:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\kxubi2uj.exe
[2011-06-14 21:46:10 | 000,000,322 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Warriors_Archery_and_Dual_Weapon-2340-1.zip
[2011-06-14 21:45:26 | 000,001,287 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Level_Cap_50-2844-1-02.rar
[2011-06-14 21:41:59 | 000,038,284 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Ability_Restrictions_Removal-2213-1-1.rar
[2011-06-10 11:47:11 | 004,261,556 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Bureaublad\Duran Duran - The Reflex.mp3
[2011-06-09 14:06:32 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-06-09 13:53:36 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011-04-19 23:10:32 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011-03-03 18:57:56 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011-03-03 18:57:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011-02-28 02:31:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2011-02-17 00:52:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
[2011-02-17 00:52:23 | 000,728,858 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe
[2011-02-17 00:52:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll
[2011-02-17 00:52:23 | 000,003,054 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat
[2011-02-17 00:39:44 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
[2011-02-17 00:28:39 | 000,124,931 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
[2011-02-17 00:28:39 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
[2011-02-17 00:28:38 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
[2011-02-17 00:28:38 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2011-02-17 00:28:38 | 000,182,275 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
[2011-02-17 00:28:38 | 000,007,871 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010-11-04 20:01:05 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010-11-04 20:01:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010-11-04 20:01:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010-11-04 20:01:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2010-10-14 02:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010-05-15 19:45:44 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-05-01 09:09:50 | 003,494,576 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010-04-12 16:21:38 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2010-04-12 16:21:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-04-12 15:06:37 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\atiamdag.dat
[2010-04-12 09:59:02 | 000,140,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-04-12 09:59:02 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Application Data\PnkBstrK.sys
[2010-04-12 09:58:33 | 000,280,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-04-12 09:58:32 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010-04-12 09:58:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-04-12 08:39:26 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-04-11 22:47:44 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Lennart de Groot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-11 12:35:24 | 000,461,368 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010-04-11 12:35:23 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010-04-11 12:35:23 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010-04-10 23:51:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-10 23:51:11 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-04-10 23:51:10 | 000,233,012 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-04-10 23:51:10 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-04-10 23:35:20 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-10 23:33:34 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-10 22:38:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010-04-10 22:01:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-10 22:00:18 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2010-04-10 22:00:18 | 000,023,041 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2010-04-10 22:00:18 | 000,018,442 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2010-04-10 22:00:18 | 000,016,271 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2010-04-10 22:00:18 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010-04-10 22:00:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010-04-10 21:44:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-10 21:41:37 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-11-10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-09-07 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 14:00:00 | 000,499,226 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 14:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 14:00:00 | 000,086,256 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 14:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001-09-07 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011-06-09 14:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011-06-09 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011-03-06 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2011-03-14 17:13:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010-05-15 20:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011-06-07 15:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010-12-07 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011-06-09 13:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-06-07 15:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2011-03-04 02:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-25 22:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2011-03-14 20:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011-03-04 01:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010-04-12 22:40:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2011-03-03 19:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-12 09:25:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
[2010-04-12 22:40:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BF1E655E-0210-4F9E-BE22-94A9069BF84B}
[2011-03-03 17:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2010-04-12 22:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F40E9D30-5DFC-4B21-BFDB-A5CDEE6440A6}
[2011-04-23 22:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\.minecraft
[2010-11-04 19:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Aura4You
[2011-06-09 13:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\AVG10
[2011-02-18 10:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Belastingdienst
[2010-04-14 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Command and Conquer 4
[2010-05-15 20:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DAEMON Tools Lite
[2010-11-04 20:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\DataCast
[2010-04-30 23:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\FreeAudioPack
[2011-02-17 00:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\GetRightToGo
[2011-03-16 12:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\gtk-2.0
[2011-06-09 14:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\id Software
[2011-01-18 16:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\IrfanView
[2010-04-13 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Leadertech
[2010-05-25 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\LG Electronics
[2011-06-18 00:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Mumble
[2010-07-04 21:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\NCH Swift Sound
[2010-04-28 22:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Notepad++
[2010-06-24 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\OpenOffice.org
[2011-03-03 17:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Philips-Songbird
[2011-06-09 14:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\SWF.max
[2010-11-18 01:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\TS3Client
[2011-03-31 23:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Tunngle
[2011-05-30 16:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\Ubisoft
[2011-06-06 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\uTorrent
[2011-03-04 01:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lennart de Groot\Application Data\WindSolutions
[2011-06-18 23:47:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011-06-18 23:42:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-01-02 11:58:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-06-18 22:00:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2001-09-07 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 23:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
[2011-06-19 00:20:47 | 000,027,105 | ---- | M] () -- C:\ComboFix.txt
[2010-04-10 21:43:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-10 21:43:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-04-10 22:23:57 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-04-10 22:30:50 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011-06-18 23:42:22 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011-05-20 08:10:19 | 000,023,344 | ---- | M] () -- C:\wmdm.log

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010-04-10 21:43:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010-04-10 23:32:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010-04-10 23:32:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010-04-10 23:32:31 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010-04-10 21:47:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
[2010-04-10 22:38:18 | 000,000,189 | -HS- | M] () -- C:\Documents and Settings\Lennart de Groot\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >
[2008-03-09 08:25:10 | 000,000,236 | ---- | M] () -- C:\Program Files\Common Files\dx.reg
[2011-02-17 00:52:26 | 000,003,054 | ---- | M] () -- C:\Program Files\Common Files\unins000.dat
[2011-02-17 00:51:50 | 000,728,858 | ---- | M] () -- C:\Program Files\Common Files\unins000.exe

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >
 
< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Radeon Omega Drivers v4.8.442 Uninstall.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011-06-19 00:20:58 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Lennart de Groot\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005-01-28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001-05-02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008-04-14 22:32:24 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004-07-17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001-03-07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001-05-29 12:38:10 | 000,000,958 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008-05-02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008-04-13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008-04-14 22:33:08 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001-02-01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001-08-01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004-07-17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004-07-17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004-07-17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000-12-05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004-07-17 11:35:48 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96D0C06F

< End of report >


OTL Extras logfile created on: 19-6-2011 0:34:20 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Lennart de Groot\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,33% Memory free
5,09 Gb Paging File | 4,28 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128,00 Gb Total Space | 43,12 Gb Free Space | 33,69% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 195,30 Gb Total Space | 79,38 Gb Free Space | 40,64% Space Free | Partition Type: NTFS
Drive F: | 272,87 Gb Total Space | 55,73 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

Computer Name: LENNART | User Name: Lennart de Groot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-789336058-616249376-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:WoW Downloader 6112
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"25565:TCP" = 25565:TCP:*:Enabled:Minecraft
"25566:TCP" = 25566:TCP:*:Enabled:Minecraft2
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2015:TCP" = 2015:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe" = F:\Program Files\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\Program Files\World of Warcraft\Launcher.exe" = F:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Games\Steam\steam.exe" = F:\Games\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"F:\Program Files\StarCraft II\StarCraft II.exe" = F:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"F:\Program Files\World of Warcraft\BackgroundDownloader.exe" = F:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe -- (Blizzard Entertainment)
"F:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"F:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- ()
"F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction Update -- (Ubisoft)
"F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe" = F:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application -- (Ubisoft Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = F:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"F:\Games\Steam\SteamApps\dark_eye_nl\counter-strike source\hl2.exe" = F:\Games\Steam\SteamApps\dark_eye_nl\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"F:\Games\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = F:\Games\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)
"F:\Games\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = F:\Games\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)
"F:\Games\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()
"F:\Games\Steam\SteamApps\common\supreme commander 2\bin\SupremeCommander2.exe" = F:\Games\Steam\SteamApps\common\supreme commander 2\bin\SupremeCommander2.exe:*:Enabled:Supreme Commander 2 -- (Gas Powered Games)
"F:\Games\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe" = F:\Games\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java.exe -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:javaws.exe -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javacpl.exe" = C:\Program Files\Java\jre6\bin\javacpl.exe:*:Enabled:javacpl.exe -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"F:\Games\Steam\SteamApps\common\assassins creed\AssassinsCreed_Game.exe" = F:\Games\Steam\SteamApps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed -- (Ubisoft)
"F:\Games\Steam\SteamApps\common\dragon age ultimate edition\DAOriginsLauncher.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Ultimate Edition -- (BioWare)
"F:\Games\Steam\SteamApps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age: Origins - Ultimate Edition -- ()
"F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAOrigins.exe" = F:\Games\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAOrigins.exe:*:Enabled:Dragon Age: Origins -- (BioWare)
"C:\Program Files\Mumble\mumble.exe" = C:\Program Files\Mumble\mumble.exe:*:Enabled:Mumble -- (Thorvald Natvig)
"C:\Program Files\Mumble\mumble11x.exe" = C:\Program Files\Mumble\mumble11x.exe:*:Enabled:Mumble (Backwards Compatible) -- (Thorvald Natvig)
"F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDALauncher.exe" = F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDALauncher.exe:*:Enabled:Tom Clancy's Splinter Cell: Double Agent -- ()
"F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDA-Offline\System\SplinterCell4.exe" = F:\Games\Steam\SteamApps\common\splinter cell - double agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4 -- ()
"F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = F:\Games\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"F:\Games\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe" = F:\Games\Steam\SteamApps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare)
"F:\Games\Steam\SteamApps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect -- ()
"E:\Program Files\The Witcher 2\bin\witcher2.exe" = E:\Program Files\The Witcher 2\bin\witcher2.exe:*:Enabled:The Witcher 2: Assasins of Kings -- ()
"F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer -- ()
"F:\Games\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = F:\Games\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = F:\Games\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops -- ()
"F:\Games\Steam\SteamApps\common\dragon age ii\DragonAge2Launcher.exe" = F:\Games\Steam\SteamApps\common\dragon age ii\DragonAge2Launcher.exe:*:Enabled:Dragon Age II -- (BioWare)
"F:\Games\Steam\SteamApps\common\dragon age ii\docs\EA Help\Electronic_Arts_Technical_Support.htm" = F:\Games\Steam\SteamApps\common\dragon age ii\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Dragon Age II -- ()
"F:\Games\Steam\SteamApps\common\red faction ii\Red Faction II.exe" = F:\Games\Steam\SteamApps\common\red faction ii\Red Faction II.exe:*:Enabled:Red Faction II -- ()
"F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg_launcher.exe" = F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg_launcher.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg.exe" = F:\Games\Steam\SteamApps\common\red faction guerrilla\rfg.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe" = E:\Program Files\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2 -- (Crytek GmbH)
"F:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = F:\Games\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0BF1B902-D614-8706-962B-1FE1D8B1F204}" = ATI Problem Report Wizard
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19AAE765-632C-498A-9948-379E02CF8472}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{25A18E40-3263-416E-B672-BE85DA47BBFD}" = Mumble 1.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{350C97BD-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{43502311-A8E5-233F-BEBC-9F47C112800E}" = ATI AVIVO Codecs
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
"{655A0785-CB7A-42C2-A1AE-B3FE1BFB2617}" = Windows Presentation Foundation Language Pack (NLD)
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B85381C-0C6A-FC5B-97BC-FC0F392ED8AA}" = Application Profiles
"{7C4C5B40-43E1-4890-AD50-E1E8F8446D5F}" = Microsoft Antimalware Service NL-NL Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client NL-NL Language Pack
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85B4D1-FE48-9AC2-ACF3-5833D539C606}" = ATI Catalyst Install Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
"{C325B98A-455F-51CE-9234-ECD562DCE162}" = ATI MCE Encoder
"{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
"{CDBA6855-330C-31F9-2E2E-9C2421A1B85E}" = HydraVision
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
"{ED4108A9-60FD-4F18-AF42-122219977773}" = Razer Naga
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F7F393-A8E8-42CC-8C2E-7A999B48B2AE}_is1" = DirectX10 LV (Last Version)
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aangifte inkomstenbelasting 2007" = Aangifte inkomstenbelasting 2007
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"ABC Amber ePub Converter" = ABC Amber ePub Converter
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Creative Centrale" = Creative Centrale
"Digital Editions" = Adobe Digital Editions
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Setup.divx.com" = DivX Setup
"Find and Mount_is1" = Find and Mount 2.3
"Fraps" = Fraps (remove only)
"IconPackager" = IconPackager
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versie 1.51.0.1200
"Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MultiRes (remove only)" = MultiRes (remove only)
"MyFreeCodec" = MyFreeCodec
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PCI Audio Driver" = PCI Audio Driver
"Philips Songbird" = Philips Songbird
"PunkBusterSvc" = PunkBuster Services
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 13580" = Tom Clancy's Splinter Cell: Double Agent
"Steam App 15100" = Assassin's Creed
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17460" = Mass Effect
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20550" = Red Faction II
"Steam App 24980" = Mass Effect 2
"Steam App 33230" = Assassin's Creed II
"Steam App 40100" = Supreme Commander 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 47900" = Dragon Age II
"Steam App 8980" = Borderlands
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"Verzoek of wijziging voorlopige aanslag 2009" = Verzoek of wijziging voorlopige aanslag 2009
"VLC media player" = VLC media player 1.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid Video Codec 1.3.0" = Xvid Video Codec
"Zen V Series Media Explorer" = ZEN V Series Media Explorer
"ZENX-FI" = Creative ZEN X-Fi-Gebruikershandleiding

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12-12-2010 15:50:03 | Computer Name = LENNART | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: ts3client_win32.exe, versie: 1.0.0.0, vastgelopen
module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00000000.

Error - 14-12-2010 16:55:05 | Computer Name = LENNART | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: ts3client_win32.exe, versie: 1.0.0.0, vastgelopen
module: msvcrt.dll, versie: 7.0.2600.5512, vastgelopen op: 0x00036fa3.

[ System Events ]
Error - 11-6-2011 3:22:13 | Computer Name = LENNART | Source = Windows Update Agent | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
foutcode 0xd0000005: KB951376: Beveiligingsupdate voor Windows XP.

Error - 16-6-2011 3:27:43 | Computer Name = LENNART | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: SSDPSRV.

Error - 16-6-2011 3:27:43 | Computer Name = LENNART | Source = Service Control Manager | ID = 7000
Description = De SSDP Discovery-service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 16-6-2011 6:02:17 | Computer Name = LENNART | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: SSDPSRV.

Error - 16-6-2011 6:02:17 | Computer Name = LENNART | Source = Service Control Manager | ID = 7000
Description = De SSDP Discovery-service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 18-6-2011 7:23:46 | Computer Name = LENNART | Source = Service Control Manager | ID = 7034
Description = De Java Quick Starter-service is onverwacht beëindigd. Dit is nu 1
keer gebeurd.

Error - 18-6-2011 7:36:55 | Computer Name = LENNART | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort4 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 18-6-2011 7:37:06 | Computer Name = LENNART | Source = atapi | ID = 262153
Description = Het apparaat \Device\Ide\IdePort4 heeft niet binnen de tijd voor time-out
gereageerd.

Error - 18-6-2011 16:11:53 | Computer Name = LENNART | Source = System Error | ID = 1003
Description = Foutcode; 000000ca, parameter1: 00000004, parameter2: 89989030, parameter3:
00000000, parameter4: 00000000.

Error - 18-6-2011 17:40:56 | Computer Name = LENNART | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_BLACKBOX\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.


< End of report >


That's all the files.
 
Which browser is getting redirected?

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Both Firefox and Internet Explorer showed the same symptoms; after having done the TDSSKiller step, both FF and IE redirect where they're intended to.


Log:

2011/06/19 00:48:38.0375 2284 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 00:48:38.0578 2284 ================================================================================
2011/06/19 00:48:38.0578 2284 SystemInfo:
2011/06/19 00:48:38.0578 2284
2011/06/19 00:48:38.0578 2284 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/19 00:48:38.0578 2284 Product type: Workstation
2011/06/19 00:48:38.0578 2284 ComputerName: LENNART
2011/06/19 00:48:38.0578 2284 UserName: Lennart de Groot
2011/06/19 00:48:38.0578 2284 Windows directory: C:\WINDOWS
2011/06/19 00:48:38.0578 2284 System windows directory: C:\WINDOWS
2011/06/19 00:48:38.0578 2284 Processor architecture: Intel x86
2011/06/19 00:48:38.0578 2284 Number of processors: 2
2011/06/19 00:48:38.0578 2284 Page size: 0x1000
2011/06/19 00:48:38.0578 2284 Boot type: Normal boot
2011/06/19 00:48:38.0578 2284 ================================================================================
2011/06/19 00:48:39.0312 2284 Initialize success
2011/06/19 00:48:51.0187 5488 ================================================================================
2011/06/19 00:48:51.0187 5488 Scan started
2011/06/19 00:48:51.0187 5488 Mode: Manual;
2011/06/19 00:48:51.0187 5488 ================================================================================
2011/06/19 00:48:54.0812 5488 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/19 00:48:54.0812 5488 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/06/19 00:48:54.0812 5488 sptd - detected LockedFile.Multi.Generic (1)
2011/06/19 00:48:55.0343 5488 MBR (0x1B8) (33acd7f96c8c543021d4b4a4c6afbe8a) \Device\Harddisk0\DR0
2011/06/19 00:48:55.0343 5488 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/06/19 00:48:55.0343 5488 ================================================================================
2011/06/19 00:48:55.0343 5488 Scan finished
2011/06/19 00:48:55.0343 5488 ================================================================================
2011/06/19 00:48:55.0359 2376 Detected object count: 2
2011/06/19 00:48:55.0359 2376 Actual detected object count: 2
2011/06/19 00:49:11.0218 2376 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/19 00:49:11.0234 2376 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/06/19 00:49:11.0234 2376 \Device\Harddisk0\DR0 - ok
2011/06/19 00:49:11.0234 2376 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/19 00:49:33.0421 1056 Deinitialize success
 