logs of PRAGMA virus


  • This topic is locked
22 replies to this topic

#1 PowerChaos

  • Members
  • 12 posts

Posted 11 June 2010 - 04:33 PM

Hi,
as requested before in my other topic (which can be found at http://www.bleepingcomputer.com/forums/t/323452/pragma-infection/ ),

here are my log files.

CODE
DDS (Ver_10-03-17.01) - NTFSx86  
Run by PowerChaos at 18:54:05,80 on vr 11/06/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3068.1907 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
c:\windows\system32\svchost.exe -k gpsvcgroup
C:\Windows\system32\SLsvc.exe
c:\windows\system32\svchost.exe -k localservice
C:\Windows\system32\Hpservice.exe
c:\windows\system32\svchost.exe -k networkservice
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Windows\System32\lpksetup.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\wamp\mysql\bin\mysqld-max-nt.exe
C:\Windows\system32\PnkBstrA.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\PowerChaos\AppData\Local\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Users\PowerChaos\AppData\Local\Apps\2.0\ABH9DH0Q.TJ2\O8A9HAEH.ZPG\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\PowerChaos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PowerChaos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\NCH Swift Sound\VRS\vrs.exe
c:\windows\system32\svchost.exe -k wersvcgroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\PowerChaos\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svhosit.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ctfmon.exe
C:\Users\PowerChaos\Downloads\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604775
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uURLSearchHooks: DemonPower Gaming Toolbar: {dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96} - c:\program files\demonpower_gaming\tbDem0.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: DemonPower Gaming Toolbar: {dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96} - c:\program files\demonpower_gaming\tbDem0.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch_1.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: DemonPower Gaming Toolbar: {dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96} - c:\program files\demonpower_gaming\tbDem0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: DemonPower Gaming Toolbar: {dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96} - c:\program files\demonpower_gaming\tbDem0.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\powerchaos\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
mRun: [VRS] "c:\program files\nch swift sound\vrs\vrs.exe" -logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
uExplorerRun: [Policies] c:\windows\system32\microsoft_kb73729795\update_dir72938749.exe
mExplorerRun: [rf4qy] c:\users\powerc~1\appdata\local\temp\b8n8nse.exe
StartupFolder: c:\users\powerchaos\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\powerc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL-werkbalk Zoeken - c:\programdata\aol\ietoolbar\resources\nl-be\local\search.html
IE: &Ontvang alles met FlashGet - c:\program files\flashget\jc_all.htm
IE: &Ontvang met FlashGet - c:\program files\flashget\jc_link.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware server\vsocklib.dll
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://www.netgame.com/mplugin/mglaunch_USAv1005.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: GootkitSSO - {0E08EE0B-A769-4861-913C-04E9CC2B5CA8} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R?2 teparting serverl;SheCole Authoratio servert;c:\windows\system32\svhosit.exe [2008-1-21 811896]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72784]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 04:12:02];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-28 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_52c73ccb\AEstSrv.exe [2009-4-6 77824]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2010-1-19 85128]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-20 365952]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-26 116096]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2010-5-19 1024004]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S2 StudioPro;StudioPro webcam;c:\windows\system32\drivers\StudioPro.sys [2010-5-19 124416]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-20 222512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-30 91408]
S4 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2008-4-27 9216]
S4 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2009-3-26 322096]
S4 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2009-3-27 57344]
S4 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2009-3-26 22528]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-06-11 16:30:28    176    ----a-w-    c:\users\powerchaos\defogger_reenable
2010-06-11 14:17:34    183    ----a-w-    C:\xvpusers.conf
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\wsbl.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\phar_unmip.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\phar_histprot.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_white.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_summ.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_spoof.sig
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_sign.slf
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_fuzzy.sig
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\ph_black.dat
2010-06-11 09:47:58    0    ----a-w-    c:\windows\system32\pcwords2.dat
2010-06-11 09:37:30    52    ----a-w-    c:\windows\system32\ashttpstats.csv
2010-06-10 21:17:55    0    d-----w-    C:\Binaries
2010-06-10 16:35:10    851    ----a-w-    c:\windows\system32\ProductTweaks.xml
2010-06-10 16:35:10    385    ----a-w-    c:\windows\system32\user_gensett.xml
2010-06-10 15:04:28    72704    ----a-w-    c:\windows\system32\admparse.dll
2010-06-10 05:31:09    12456    ----a-w-    C:\domainname
2010-06-10 02:38:53    0    d-----w-    c:\windows\system32\logs
2010-06-10 02:38:25    0    d-----w-    c:\users\powerc~1\appdata\roaming\BitDefender
2010-06-10 02:38:21    0    d-----w-    c:\program files\common files\MSSoap
2010-06-10 02:37:42    0    d-----w-    c:\programdata\BitDefender
2010-06-10 02:37:42    0    d-----w-    c:\program files\BitDefender
2010-06-10 02:32:57    0    d-----w-    c:\windows\system32\URTTEMP
2010-06-10 02:29:41    0    d-----w-    c:\program files\common files\BitDefender
2010-06-10 01:02:13    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-10 00:58:58    0    d-----w-    c:\programdata\Sun
2010-06-08 16:28:36    0    ----a-w-    C:\windows1.exe
2010-06-08 16:28:29    0    d--h--w-    c:\program files\NVIDIA
2010-06-08 13:23:35    0    d-----w-    c:\users\powerc~1\appdata\roaming\Unity
2010-06-07 23:00:34    0    d-----w-    c:\programdata\Blizzard Entertainment
2010-06-07 17:38:22    0    ----a-w-    C:\LHT369F.tmp
2010-06-07 17:28:27    0    d-----w-    c:\programdata\WindowsSearch
2010-06-07 17:05:48    0    d-----w-    C:\World of Warcraft Public Test
2010-06-02 13:55:00    0    ----a-w-    c:\users\powerchaos\ping
2010-06-02 04:35:42    40960    ----a-w-    c:\windows\system32\cmdshell.dll
2010-06-01 16:01:12    0    d-----w-    C:\My Documents
2010-05-28 00:09:00    41872    ----a-w-    c:\windows\system32\xfcodec.dll
2010-05-27 01:42:49    264219    ----a-w-    C:\1021.exe
2010-05-25 22:44:56    393    ----a-w-    C:\page.gif
2010-05-25 22:44:36    606    ----a-w-    C:\img_ad.png
2010-05-22 20:10:31    674600    ----a-w-    c:\windows\system32\pbsvc.exe
2010-05-22 17:08:04    5332    ----a-w-    C:\logo.gif
2010-05-22 17:07:48    4163    ----a-w-    C:\logo2.gif
2010-05-19 21:02:47    6072    ----a-w-    C:\webcam.jpg
2010-05-19 21:01:30    4734    ----a-w-    C:\temp.jpg
2010-05-19 20:30:56    0    d-----w-    c:\program files\Livestream Procaster
2010-05-19 19:56:55    0    d-----w-    c:\programdata\NCH Swift Sound
2010-05-19 19:56:55    0    d-----w-    c:\program files\NCH Swift Sound
2010-05-19 19:55:55    0    d-----w-    c:\users\powerc~1\appdata\roaming\NCH Software
2010-05-19 19:55:55    0    d-----w-    c:\program files\NCH Software
2010-05-19 19:31:12    31    ----a-w-    c:\windows\e2eSoft.ini
2010-05-19 19:26:43    0    d-----w-    C:\Aptana Studio 2.0
2010-05-19 15:03:18    196608    ----a-w-    c:\windows\system32\StudioProProp.ax
2010-05-19 15:03:18    124416    ----a-w-    c:\windows\system32\drivers\StudioPro.sys
2010-05-19 15:03:18    0    d-----w-    c:\program files\Broadcaster
2010-05-17 03:57:17    50704    ----a-w-    c:\windows\system32\drivers\npf.sys
2010-05-17 03:57:17    281104    ----a-w-    c:\windows\system32\wpcap.dll
2010-05-17 03:57:17    100880    ----a-w-    c:\windows\system32\Packet.dll
2010-05-17 03:57:01    1    ----a-w-    c:\users\powerchaos\oashdihasidhasuidhiasdhiashdiuasdhasd
2010-05-17 03:56:16    32768    ----a-w-    c:\windows\system32\hgtd.ruy
2010-05-17 03:56:15    65024    ----a-w-    c:\windows\system32\h7t.wt
2010-05-17 03:55:49    85    ----a-w-    c:\users\powerc~1\appdata\roaming\wp4.dat
2010-05-17 03:55:49    36    ----a-w-    c:\users\powerc~1\appdata\roaming\skynet.dat
2010-05-17 03:55:49    2    ----a-w-    c:\users\powerc~1\appdata\roaming\wp3.dat
2010-05-17 03:55:47    0    d-----w-    c:\users\powerc~1\appdata\roaming\AKM Antivirus 2010 Pro
2010-05-17 03:55:27    38    ----a-w-    c:\windows\system32\{c44b7f49-8b38-4a59-a843-2c5d940f5cd5}
2010-05-17 03:54:58    0    d-----w-    c:\users\powerc~1\appdata\roaming\5145F0F88B5304EF0A46663D0F7375A1
2010-05-17 03:49:52    0    d-----w-    c:\program files\SWF Decompiler Magic
2010-05-17 03:35:16    0    d-----w-    c:\program files\common files\SourceTec
2010-05-17 03:35:14    0    d-----w-    c:\program files\SourceTec
2010-05-15 16:59:15    0    d-----w-    c:\program files\CamStudio
2010-05-15 09:38:55    33846    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2010-05-15 09:38:55    11024    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-05-15 01:57:41    0    d-----w-    c:\users\powerc~1\appdata\roaming\dream-mp3-to-midi-converter
2010-05-15 01:52:23    0    d-----w-    c:\program files\AmazingMIDI
2010-05-15 01:25:49    0    d-----w-    c:\users\powerc~1\appdata\roaming\Synthesia

==================== Find3M  ====================

2010-06-11 09:37:18    72784    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2010-06-10 21:21:27    86016    ----a-w-    c:\windows\inf\infstor.dat
2010-06-10 21:21:27    51200    ----a-w-    c:\windows\inf\infpub.dat
2010-06-10 21:21:27    143360    ----a-w-    c:\windows\inf\infstrng.dat
2010-06-10 02:35:23    680138    ----a-w-    c:\windows\system32\perfh013.dat
2010-06-10 02:35:23    671716    ----a-w-    c:\windows\system32\perfh00C.dat
2010-06-10 02:35:23    132984    ----a-w-    c:\windows\system32\perfc013.dat
2010-06-10 02:35:23    129048    ----a-w-    c:\windows\system32\perfc00C.dat
2010-06-02 04:36:30    811896    ------w-    c:\windows\system32\svhosit.exe
2010-05-22 20:27:02    139152    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:26:55    111928    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-05-22 20:10:54    22328    ----a-w-    c:\users\powerc~1\appdata\roaming\PnkBstrK.sys
2010-05-22 20:10:33    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-05-17 15:09:36    149560    ----a-w-    c:\windows\system32\drivers\adpu320.sys
2010-05-15 09:38:50    3494576    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2010-05-15 09:38:49    15607    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-12 09:21:16    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 05:55:42    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-05-04 05:55:42    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-04-22 13:08:46    72080    ----a-w-    c:\users\powerchaos\g2mdlhlpx.exe
2010-03-26 19:17:50    1736704    ----a-w-    C:\DemonPower_Eo_Beta - BoosterKing - .exe
2010-03-24 14:57:04    713312    ----a-w-    c:\windows\system32\ijjiSetup.exe
2010-03-24 14:56:58    62048    ----a-w-    c:\windows\system32\ijjiProcessRestarter.exe
2010-03-24 14:56:52    57952    ----a-w-    c:\windows\system32\ijjiPlugin2.dll
2010-03-24 14:56:40    86624    ----a-w-    c:\windows\system32\ijjiChannelingPlugin.dll
2010-03-21 00:06:08    2434856    ----a-w-    c:\windows\system32\pbsvc_bc2.exe
2010-03-20 03:18:35    9    ----a-w-    C:\winmap.dll
2010-03-20 03:18:35    9    ----a-w-    c:\program files\install_log.dat
2010-03-19 01:28:01    5632    ----a-w-    c:\windows\system32\BReWErS.dll
2010-03-16 09:59:04    9728    ----a-w-    c:\windows\system32\uc_karos_launching.dll
2010-03-16 09:59:04    75264    ----a-w-    c:\windows\system32\uc_holybeast_launching.dll
2010-03-16 09:59:04    64000    ----a-w-    c:\windows\system32\uc_sfighters_launching.dll
2010-03-16 09:59:04    61440    ----a-w-    c:\windows\system32\uc_atlantica_launching.dll
2010-03-16 09:59:04    53248    ----a-w-    c:\windows\system32\uc_luminary_launching.dll
2010-03-16 09:59:04    427008    ----a-w-    c:\windows\system32\uc_wepic_launching.dll
2010-03-16 09:59:04    208384    ----a-w-    c:\windows\system32\uc_rohan_launching.dll
2010-03-16 09:59:04    147456    ----a-w-    c:\windows\system32\uc_neosteam_launching.dll
2010-03-15 21:05:23    34429    ----a-w-    c:\users\powerc~1\appdata\roaming\SQLite3.dll
2009-02-20 08:22:23    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-02-20 07:50:51    41976    ----a-w-    c:\windows\inf\perflib\0413\perfd.dat
2009-02-20 07:50:51    41976    ----a-w-    c:\windows\inf\perflib\0413\perfc.dat
2009-02-20 07:50:51    336440    ----a-w-    c:\windows\inf\perflib\0413\perfi.dat
2009-02-20 07:50:51    336440    ----a-w-    c:\windows\inf\perflib\0413\perfh.dat
2009-02-20 07:45:34    37390    ----a-w-    c:\windows\inf\perflib\040c\perfd.dat
2009-02-20 07:45:34    37390    ----a-w-    c:\windows\inf\perflib\040c\perfc.dat
2009-02-20 07:45:34    340236    ----a-w-    c:\windows\inf\perflib\040c\perfi.dat
2009-02-20 07:45:34    340236    ----a-w-    c:\windows\inf\perflib\040c\perfh.dat
2008-01-21 02:43:21    174    --sha-w-    c:\program files\desktop.ini
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21    287440    ----a-w-    c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19    30674    ----a-w-    c:\windows\inf\perflib\0000\perfc.dat
2009-02-20 08:11:18    8192    --sha-w-    c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:59:14,18 ===============

CODE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-11 21:39:28
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\POWERC~1\AppData\Local\Temp\pxlyquog.sys


---- System - GMER 1.0.15 ----

Code            8A93B0C8                                                                                                            ZwEnumerateKey
Code            87D64220                                                                                                            ZwFlushInstructionCache
Code            8A92B5B5                                                                                                            IofCallDriver
Code            8A7D04D6                                                                                                            IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!IofCompleteRequest                                                                                     82E54FFA 5 Bytes  JMP 8A7D04DB
.text           ntkrnlpa.exe!IofCallDriver                                                                                          82ED6FEF 5 Bytes  JMP 8A92B5BA
PAGE            ntkrnlpa.exe!ZwFlushInstructionCache                                                                                82FCE46B 5 Bytes  JMP 87D64224
PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                                         83023D16 5 Bytes  JMP 8A93B0CC
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x90C02000, 0x2311A4, 0xE8000020]
.text           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                                                  section is writeable [0xA0134000, 0x2892, 0xE8000020]
.vmp2           C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                                                  entry point in ".vmp2" section [0xA0157050]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe[12] ntdll.dll!LdrLoadDll + 1          77D67934 2 Bytes  [13, 04]
.text           C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe[12] ntdll.dll!LdrLoadDll + 4          77D67937 4 Bytes  [4C, C3, CC, 90] {DEC ESP; RET; INT 3; NOP }
.text           C:\Windows\System32\smss.exe[628] ntdll.dll!LdrLoadDll + 1                                                          77D67934 2 Bytes  [13, 04]
.text           C:\Windows\System32\smss.exe[628] ntdll.dll!LdrLoadDll + 4                                                          77D67937 4 Bytes  [4C, C3, CC, 90] {DEC ESP; RET; INT 3; NOP }
.text           C:\Windows\System32\svchost.exe[692] ntdll.dll!LdrLoadDll + 1                                                       77D67934 2 Bytes  [13, 04]
.text           ...                                                                                                                
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!RtlCreateProcessParametersEx      77D74D11 5 Bytes  JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtClose + 5                       77D97F4D 5 Bytes  JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateEvent + 5                 77D97FED 5 Bytes  JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateFile + 5                  77D9800D 5 Bytes  JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateKey + 5                   77D9804D 5 Bytes  JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateMutant + 5                77D9807D 5 Bytes  JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateProcess + 5               77D980CD 5 Bytes  JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateProcessEx + 5             77D980DD 5 Bytes  JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateSection + 5               77D980FD 5 Bytes  JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateThread + 5                77D9812D 5 Bytes  JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtDeleteKey + 5                   77D983FD 5 Bytes  JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtDeleteValueKey + 5              77D9842D 5 Bytes  JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtDuplicateObject + 5             77D9845D 5 Bytes  JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtLoadDriver + 5                  77D9869D 5 Bytes  JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtMapViewOfSection + 5            77D9875D 5 Bytes  JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtOpenFile + 5                    77D987ED 5 Bytes  JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtOpenKey + 5                     77D9881D 5 Bytes  JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtOpenProcess + 5                 77D9886D 5 Bytes  JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtOpenSection + 5                 77D9889D 5 Bytes  JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtQueueApcThread + 5              77D98C3D 5 Bytes  JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtSetInformationFile + 5          77D98F1D 5 Bytes  JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtSetValueKey + 5                 77D9908D 5 Bytes  JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtTerminateProcess + 5            77D9912D 5 Bytes  JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtUnmapViewOfSection + 5          77D9920D 5 Bytes  JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtWriteFile + 5                   77D9927D 5 Bytes  JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtWriteVirtualMemory + 5          77D992AD 5 Bytes  JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!NtCreateThreadEx + 5              77D9942D 5 Bytes  JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ntdll.dll!RtlCreateProcessParameters        77DD6D0C 5 Bytes  JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetSystemTimeAsFileTime        76F718C0 5 Bytes  JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetStartupInfoW                76F71929 5 Bytes  JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetStartupInfoA                76F719C9 5 Bytes  JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateProcessA                 76F71C36 5 Bytes  JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!Sleep                          76F71C6B 5 Bytes  JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!WriteProcessMemory             76F71CC6 5 Bytes  JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CheckRemoteDebuggerPresent     76F7517F 5 Bytes  JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CopyFileExW                    76F7BFA1 5 Bytes  JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!SetFileAttributesW             76F81CA9 5 Bytes  JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!DeleteFileW                    76F8C5C8 5 Bytes  JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!MoveFileWithProgressW          76F9104C 5 Bytes  JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!LoadLibraryExW                 76F930C3 5 Bytes  JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!ExitProcess                    76F93B54 5 Bytes  JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!LoadLibraryA                   76F99491 5 Bytes  JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateProcessInternalW         76F998DD 5 Bytes  JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!FreeLibrary                    76FB08F8 5 Bytes  JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateThread                   76FB46C8 5 Bytes  JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateRemoteThread             76FB46EF 5 Bytes  JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateDirectoryW               76FB8DA1 5 Bytes  JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetProcAddress                 76FBB8B6 5 Bytes  JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetModuleHandleW               76FBB91E 5 Bytes  JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!GetModuleHandleA               76FBBB4D 5 Bytes  JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!SleepEx                        76FBC2FE 5 Bytes  JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!QueryPerformanceCounter        76FBC5AF 5 Bytes  JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CloseHandle                    76FBCC05 5 Bytes  JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateFileW                    76FBCC4E 5 Bytes  JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateFileA                    76FBCF71 5 Bytes  JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateToolhelp32Snapshot       76FC6427 5 Bytes  JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!PulseEvent                     76FC7272 5 Bytes  JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!CreateDirectoryExW             76FF9683 5 Bytes  JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!WinExec                        770054FF 5 Bytes  JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!SetThreadContext               77007087 5 Bytes  JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!ReadConsoleA                   77016D8D 5 Bytes  JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!ReadConsoleW                   77016DE3 5 Bytes  JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!ReadConsoleInputA              77018033 5 Bytes  JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] KERNEL32.dll!ReadConsoleInputW              77018056 5 Bytes  JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!OpenServiceA                   767AA383 5 Bytes  JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!OpenServiceW                   767AFFC3 5 Bytes  JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ConvertStringSidToSidW + 1EC   767C88CF 5 Bytes  JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!CreateServiceW                 767D38FF 5 Bytes  JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ControlService                 767D3B2D 5 Bytes  JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!DeleteService                  767D3BEE 5 Bytes  JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ControlServiceExA              768160FE 5 Bytes  JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ControlServiceExW              76816211 5 Bytes  JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ChangeServiceConfigA           768167A9 5 Bytes  JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!ChangeServiceConfigW           76816951 5 Bytes  JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] ADVAPI32.dll!CreateServiceA                 76816C71 5 Bytes  JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!SetWindowsHookExW                77197B69 5 Bytes  JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!PeekMessageA                     771A53FA 5 Bytes  JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!GetMessageA                      771A59A5 5 Bytes  JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!UserClientDllInitialize          771A642D 5 Bytes  JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!GetMessageW                      771AF83F 5 Bytes  JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!PeekMessageW                     771AFD9F 5 Bytes  JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] USER32.dll!SetWindowsHookExA                771BBB0E 5 Bytes  JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] msvcrt.dll!_lock + 29                       76C5A396 5 Bytes  JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] msvcrt.dll!__p__fmode                       76C607E4 5 Bytes  JMP 60032172 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] msvcrt.dll!__p__environ                     76C6ECD0 5 Bytes  JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] shell32.dll!Shell_NotifyIconW               7728C808 5 Bytes  JMP 60032186 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[4664] shell32.dll!SHCreateItemFromIDList + 350C   772C767D 5 Bytes  JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Windows\system32\conime.exe[4696] ntdll.dll!LdrLoadDll + 1                                                       77D67934 2 Bytes  [13, 04]
.text           C:\Windows\system32\conime.exe[4696] ntdll.dll!LdrLoadDll + 4                                                       77D67937 4 Bytes  [4C, C3, CC, 90] {DEC ESP; RET; INT 3; NOP }
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!RtlCreateProcessParametersEx                           77D74D11 5 Bytes  JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtClose + 5                                            77D97F4D 5 Bytes  JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateEvent + 5                                      77D97FED 5 Bytes  JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateFile + 5                                       77D9800D 5 Bytes  JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateKey + 5                                        77D9804D 5 Bytes  JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateMutant + 5                                     77D9807D 5 Bytes  JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateProcess + 5                                    77D980CD 5 Bytes  JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateProcessEx + 5                                  77D980DD 5 Bytes  JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateSection + 5                                    77D980FD 5 Bytes  JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateThread + 5                                     77D9812D 5 Bytes  JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtDeleteKey + 5                                        77D983FD 5 Bytes  JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtDeleteValueKey + 5                                   77D9842D 5 Bytes  JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtDuplicateObject + 5                                  77D9845D 5 Bytes  JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtLoadDriver + 5                                       77D9869D 5 Bytes  JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtMapViewOfSection + 5                                 77D9875D 5 Bytes  JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtOpenFile + 5                                         77D987ED 5 Bytes  JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtOpenKey + 5                                          77D9881D 5 Bytes  JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtOpenProcess + 5                                      77D9886D 5 Bytes  JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtOpenSection + 5                                      77D9889D 5 Bytes  JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtQueueApcThread + 5                                   77D98C3D 5 Bytes  JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtSetInformationFile + 5                               77D98F1D 5 Bytes  JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtSetValueKey + 5                                      77D9908D 5 Bytes  JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtTerminateProcess + 5                                 77D9912D 5 Bytes  JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtUnmapViewOfSection + 5                               77D9920D 5 Bytes  JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtWriteFile + 5                                        77D9927D 5 Bytes  JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtWriteVirtualMemory + 5                               77D992AD 5 Bytes  JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!NtCreateThreadEx + 5                                   77D9942D 5 Bytes  JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ntdll.dll!RtlCreateProcessParameters                             77DD6D0C 5 Bytes  JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetSystemTimeAsFileTime                             76F718C0 5 Bytes  JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetStartupInfoW                                     76F71929 5 Bytes  JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetStartupInfoA                                     76F719C9 5 Bytes  JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateProcessA                                      76F71C36 5 Bytes  JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!Sleep                                               76F71C6B 5 Bytes  JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!WriteProcessMemory                                  76F71CC6 5 Bytes  JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CheckRemoteDebuggerPresent                          76F7517F 5 Bytes  JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CopyFileExW                                         76F7BFA1 5 Bytes  JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!SetFileAttributesW                                  76F81CA9 5 Bytes  JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!DeleteFileW                                         76F8C5C8 5 Bytes  JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!MoveFileWithProgressW                               76F9104C 5 Bytes  JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!LoadLibraryExW                                      76F930C3 5 Bytes  JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!ExitProcess                                         76F93B54 5 Bytes  JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!LoadLibraryA                                        76F99491 5 Bytes  JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateProcessInternalW                              76F998DD 5 Bytes  JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!FreeLibrary                                         76FB08F8 5 Bytes  JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateThread                                        76FB46C8 5 Bytes  JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateRemoteThread                                  76FB46EF 5 Bytes  JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateDirectoryW                                    76FB8DA1 5 Bytes  JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetProcAddress                                      76FBB8B6 5 Bytes  JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetModuleHandleW                                    76FBB91E 5 Bytes  JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!GetModuleHandleA                                    76FBBB4D 5 Bytes  JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!SleepEx                                             76FBC2FE 5 Bytes  JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!QueryPerformanceCounter                             76FBC5AF 5 Bytes  JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CloseHandle                                         76FBCC05 5 Bytes  JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateFileW                                         76FBCC4E 5 Bytes  JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateFileA                                         76FBCF71 5 Bytes  JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateToolhelp32Snapshot                            76FC6427 5 Bytes  JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!PulseEvent                                          76FC7272 5 Bytes  JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!CreateDirectoryExW                                  76FF9683 5 Bytes  JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!WinExec                                             770054FF 5 Bytes  JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!SetThreadContext                                    77007087 5 Bytes  JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!ReadConsoleA                                        77016D8D 5 Bytes  JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!ReadConsoleW                                        77016DE3 5 Bytes  JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!ReadConsoleInputA                                   77018033 5 Bytes  JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] kernel32.dll!ReadConsoleInputW                                   77018056 5 Bytes  JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!OpenServiceA                                        767AA383 5 Bytes  JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!OpenServiceW                                        767AFFC3 5 Bytes  JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ConvertStringSidToSidW + 1EC                        767C88CF 5 Bytes  JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!CreateServiceW                                      767D38FF 5 Bytes  JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ControlService                                      767D3B2D 5 Bytes  JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!DeleteService                                       767D3BEE 5 Bytes  JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ControlServiceExA                                   768160FE 5 Bytes  JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ControlServiceExW                                   76816211 5 Bytes  JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ChangeServiceConfigA                                768167A9 5 Bytes  JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!ChangeServiceConfigW                                76816951 5 Bytes  JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] ADVAPI32.dll!CreateServiceA                                      76816C71 5 Bytes  JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!SetWindowsHookExW                                     77197B69 5 Bytes  JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!PeekMessageA                                          771A53FA 5 Bytes  JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!GetMessageA                                           771A59A5 5 Bytes  JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!UserClientDllInitialize                               771A642D 5 Bytes  JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!GetMessageW                                           771AF83F 5 Bytes  JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!PeekMessageW                                          771AFD9F 5 Bytes  JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] USER32.dll!SetWindowsHookExA                                     771BBB0E 5 Bytes  JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] msvcrt.dll!_lock + 29                                            76C5A396 5 Bytes  JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] msvcrt.dll!__p__fmode                                            76C607E4 5 Bytes  JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] msvcrt.dll!__p__environ                                          76C6ECD0 5 Bytes  JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] SHELL32.dll!Shell_NotifyIconW                                    7728C808 5 Bytes  JMP 60032190 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] SHELL32.dll!SHCreateItemFromIDList + 350C                        772C767D 5 Bytes  JMP 60032172 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] WININET.dll!InternetConfirmZoneCrossing + FFF66B4A               763F1748 5 Bytes  JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] WININET.dll!HttpOpenRequestA                                     7640D508 5 Bytes  JMP 600321C2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] WININET.dll!InternetConnectA                                     7640DEAE 5 Bytes  JMP 600321B8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text           C:\Users\PowerChaos\Desktop\desktop\gmer.exe[5496] WININET.dll!InternetOpenA                                        7641D690 5 Bytes  JMP 600321AE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             bdftdif.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                             bdftdif.sys

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\000000f0                                                                                     hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    hcmon.sys
Device          \Driver\usbhub \Device\000000e9                                                                                     hcmon.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    hcmon.sys

---- Services - GMER 1.0.15 ----

Service         C:\Windows\PRAGMAsiiteyxbvc\PRAGMAd.sys (*** hidden *** )                                                           [SYSTEM] PRAGMAsiiteyxbvc                                                                                                                                                                                                 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00247e5642d5 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc@start                                                           1
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc@type                                                            1
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc@imagepath                                                       \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc\modules (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc\modules@PRAGMAd                                                 \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc\modules@PRAGMAc                                                 \systemroot\PRAGMAsiiteyxbvc\PRAGMAc.dll
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc\modules@pragmaserf                                              pragmaserf
Reg             HKLM\SYSTEM\ControlSet001\Services\PRAGMAsiiteyxbvc\modules@pragmabbr                                               pragmabbr
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     1
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x50 0xC0 0xE0 0x9A ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x45 0x39 0xBB 0xD8 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1D 0xC8 0x2A 0x93 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xE6 0x1B 0x51 0xB1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5642d5                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc                                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@start                                                       1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@type                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@imagepath                                                   \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@PRAGMAd                                             \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@PRAGMAc                                             \systemroot\PRAGMAsiiteyxbvc\PRAGMAc.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@pragmaserf                                          pragmaserf
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@pragmabbr                                           pragmabbr
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x50 0xC0 0xE0 0x9A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x45 0x39 0xBB 0xD8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x1D 0xC8 0x2A 0x93 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD8 0x30 0x5E 0xE8 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00247e5642d5 (not active ControlSet)                    
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc (not active ControlSet)                                        
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc@start                                                           1
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc@type                                                            1
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc@imagepath                                                       \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc\modules (not active ControlSet)                                
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc\modules@PRAGMAd                                                 \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc\modules@PRAGMAc                                                 \systemroot\PRAGMAsiiteyxbvc\PRAGMAc.dll
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc\modules@pragmaserf                                              pragmaserf
Reg             HKLM\SYSTEM\ControlSet005\Services\PRAGMAsiiteyxbvc\modules@pragmabbr                                               pragmabbr
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     1
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x50 0xC0 0xE0 0x9A ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x45 0x39 0xBB 0xD8 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x1D 0xC8 0x2A 0x93 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD8 0x30 0x5E 0xE8 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0x50 0x93 0xE5 0xAB ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\pragmamfeklnmal.dll                                                                                  1193 bytes
File            C:\Users\PowerChaos\AppData\Local\Temp\PRAGMA44c8.tmp                                                               680448 bytes executable
File            C:\Users\PowerChaos\AppData\Local\Temp\pragmamainqt.dll                                                             10354 bytes
File            C:\Users\PowerChaos\AppData\Local\Temp\pragmapdconf.ini                                                             35 bytes
File            C:\Windows\Temp\PRAGMA8e0b.tmp                                                                                      99 bytes
File            C:\Windows\Temp\PRAGMAe5cb.tmp                                                                                      151 bytes
File            C:\Windows\PRAGMAsiiteyxbvc                                                                                         0 bytes
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAc.dll                                                                             31232 bytes executable
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAcfg.ini                                                                           95 bytes
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAd.sys                                                                             48640 bytes executable                                                                                                                                                                                                    <-- ROOTKIT !!!
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAsrcr.dat                                                                          143 bytes

---- EOF - GMER 1.0.15 ----

and please see the last file as an attachment in a zip file (as requested)

I need to say, after I ran GMER my comp crashed 3 times (blue screen, something about a program termination error, and it gave me a memdump)

Thank you for your support
Greetings From PowerChaos

Attached Files


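The GMER output above is the part of the log that actually identifies the infection: a kernel driver service (`PRAGMAsiiteyxbvc`) whose image path points into a directory under `\systemroot` named after the service itself, a `modules` subkey listing a `.sys` and a `.dll` in that same directory, and GMER's hidden-file section confirming both files on disk with the `executable` flag. As an added triage example (not code from the original post, from GMER or from the ComboFix author), the script below re-reads a handful of lines copied from that log and applies exactly that correlation: it groups `Reg` lines per service, flags a driver whose image lives in `\systemroot\<service name>\`, checks each listed module against the `File` section, and reports any hidden file no flagged service refers to. The mapping of `\systemroot` to `C:\Windows` and the self-named-directory rule are assumptions made for the example, not GMER behaviour.

```python
"""Triage helper for GMER 'Reg' and 'File' log lines.

Added example for this thread; it is not part of the original post nor of
GMER. The service/file correlation rule and the C:\\Windows mapping for
\\systemroot are assumptions made for the example.
"""
import re

# Assumption: \systemroot resolves to this directory on the scanned machine.
WINDIR = r"C:\Windows"

# Constructed sample: a handful of lines copied from the GMER output above.
SAMPLE_LOG = r"""
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@start                                                       1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@type                                                        1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc@imagepath                                                   \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@PRAGMAd                                             \systemroot\PRAGMAsiiteyxbvc\PRAGMAd.sys
Reg             HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAsiiteyxbvc\modules@PRAGMAc                                             \systemroot\PRAGMAsiiteyxbvc\PRAGMAc.dll
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAd.sys                                                                             48640 bytes executable
File            C:\Windows\PRAGMAsiiteyxbvc\PRAGMAc.dll                                                                             31232 bytes executable
File            C:\ProgramData\pragmamfeklnmal.dll                                                                                  1193 bytes
"""

SERVICE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\\@]+)(?P<rest>.*)$", re.I)
SIZE_RE = re.compile(r"^(?P<size>\d+) bytes(?: (?P<flag>\w+))?")


def parse_gmer(text):
    """Split GMER 'Reg'/'File' lines on runs of 2+ spaces into (kind, target, data)."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) >= 2 and parts[0] in ("Reg", "File"):
            rows.append((parts[0], parts[1], parts[2] if len(parts) > 2 else ""))
    return rows


def collect(rows):
    """Group registry values per (ControlSet, service) and index hidden files by path."""
    services, files = {}, {}
    for kind, target, data in rows:
        if kind == "File":
            m = SIZE_RE.match(data)
            files[target.lower()] = {"path": target,
                                     "size": int(m.group("size")) if m else None,
                                     "executable": bool(m and m.group("flag") == "executable")}
            continue
        m = SERVICE_RE.match(target)
        if not m:
            continue
        entry = services.setdefault((m.group("cs"), m.group("svc")), {"values": {}, "modules": {}})
        rest = m.group("rest")
        if rest.startswith("@"):                      # value directly under the service key
            entry["values"][rest[1:].lower()] = data
        elif rest.lower().startswith("\\modules@"):   # value under the 'modules' subkey
            entry["modules"][rest.split("@", 1)[1]] = data
    return services, files


def to_disk_path(nt_path):
    """Map a \\systemroot\\... image path to the assumed Windows directory."""
    return re.sub(r"^\\systemroot\\", lambda _: WINDIR + "\\", nt_path, flags=re.I)


def find_self_named_drivers(services, files):
    """Flag a driver service whose image lives in \\systemroot\\<service name>\\ and
    corroborate each listed module against GMER's hidden-file section."""
    findings = []
    for (cs, svc), entry in services.items():
        image = entry["values"].get("imagepath", "")
        if not re.match(r"^\\systemroot\\" + re.escape(svc) + r"\\", image, re.I):
            continue
        modules = []
        for name, path in entry["modules"].items():
            on_disk = files.get(to_disk_path(path).lower())
            modules.append({"name": name, "path": path,
                            "on_disk": on_disk is not None,
                            "executable": bool(on_disk and on_disk["executable"])})
        findings.append({"control_set": cs, "service": svc, "image_path": image,
                         "start": entry["values"].get("start"),
                         "type": entry["values"].get("type"),
                         "modules": modules})
    return findings


def triage(text):
    """Full pass: findings plus hidden files that no flagged service accounts for."""
    services, files = collect(parse_gmer(text))
    findings = find_self_named_drivers(services, files)
    referenced = {to_disk_path(m["path"]).lower() for f in findings for m in f["modules"]}
    unreferenced = sorted(f["path"] for p, f in files.items() if p not in referenced)
    return {"findings": findings, "unreferenced_hidden_files": unreferenced}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["findings"]:
        print(f"[{f['control_set']}] service {f['service']} start={f['start']} "
              f"type={f['type']} -> {f['image_path']}")
        for m in f["modules"]:
            print(f"    module {m['name']}: {m['path']} on_disk={m['on_disk']} "
                  f"executable={m['executable']}")
    for path in result["unreferenced_hidden_files"]:
        print("unreferenced hidden file:", path)
```

On the sample the legitimate `sptd` key (DAEMON Tools / Alcohol) is parsed but never flagged, because it carries no `\systemroot\sptd\` image path; the PRAGMA service is flagged with both modules confirmed on disk as executables, and `pragmamfeklnmal.dll` in `ProgramData` is reported as a hidden file the service entries do not explain, which is the kind of leftover a helper would still want to see after the driver is gone.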



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 15 June 2010 - 03:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 19 June 2010 - 10:41 PM

Hello

three-day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#4 PowerChaos

PowerChaos
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 20 June 2010 - 06:30 AM

hi,
I am running ComboFix now
sorry for the late reply, but I only received an email from the bump (today at 5 am)

I am currently installing/downloading ComboFix

I will post a log in a few hours (as it can take a long time to scan my PC)

Thank you
Greetings From PowerChaos

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 20 June 2010 - 03:18 PM

ok, I will be here

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 24 June 2010 - 08:10 AM

Hello

three-day bump

It has been three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



#7 PowerChaos

PowerChaos
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 24 June 2010 - 10:00 AM

hi
the first time I ran ComboFix (the last time I replied on this forum) it crashed all the time
it takes ages to start up (giving a few beeps)
it rebooted my computer and started up as the only process
probably BitDefender was blocking stuff, as it starts up before anything else starts up :S

so the program basically crashed (it just froze and did nothing)

today I did the same thing again and now it succeeded; it didn't reboot but the program ran fine, then it asked to reboot (it didn't do that before)

but this time I disabled BitDefender completely (firewall, virus scanner, registry blocker and all other things that were running on it)
it still starts up and opens a screen :S


so here are the logs

CODE
ComboFix 10-06-23.05 - PowerChaos 24/06/2010  16:17:15.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3068.2101 [GMT 2:00]
Gestart vanuit: c:\users\PowerChaos\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1021.exe
C:\LHT369F.tmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\programdata\pragmamfeklnmal.dll
c:\users\PowerChaos\AppData\Roaming\5145F0F88B5304EF0A46663D0F7375A1
c:\users\PowerChaos\AppData\Roaming\5145F0F88B5304EF0A46663D0F7375A1\enemies-names.txt
c:\users\PowerChaos\AppData\Roaming\inst.exe
c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AKM Antivirus 2010 Pro
c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\PowerChaos\AppData\Roaming\skynet.dat
c:\users\PowerChaos\AppData\Roaming\SQLite3.dll
c:\users\PowerChaos\AppData\Roaming\wp3.dat
c:\users\PowerChaos\AppData\Roaming\wp4.dat
c:\users\PowerChaos\g2mdlhlpx.exe
c:\users\PowerChaos\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\null
c:\windows\PRAGMAsiiteyxbvc
c:\windows\PRAGMAsiiteyxbvc\PRAGMAc.dll
c:\windows\PRAGMAsiiteyxbvc\PRAGMAcfg.ini
c:\windows\PRAGMAsiiteyxbvc\PRAGMAd.sys
c:\windows\PRAGMAsiiteyxbvc\PRAGMAsrcr.dat
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\h7t.wt
c:\windows\system32\hgtd.ruy
c:\windows\system32\logs
c:\windows\system32\Packet.dll
c:\windows\system32\sys.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMASIITEYXBVC
-------\Service_PRAGMAsiiteyxbvc


((((((((((((((((((((   Bestanden Gemaakt van 2010-05-24 to 2010-06-24  ))))))))))))))))))))))))))))))
.

2010-06-24 14:29 . 2010-06-24 14:40    --------    d-----w-    c:\users\PowerChaos\AppData\Local\temp
2010-06-24 14:29 . 2010-06-24 14:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-06-24 01:26 . 2010-06-24 01:26    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\Common Files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\programdata\NetSarang
2010-06-24 01:06 . 2010-06-24 01:06    --------    d-----w-    c:\program files\RealVNC
2010-06-24 00:56 . 2010-06-24 00:56    --------    d-----w-    c:\program files\TightVNC
2010-06-23 02:17 . 2010-06-23 02:17    --------    d-----w-    c:\programdata\Isotx
2010-06-23 02:02 . 2010-06-23 02:03    --------    d-----w-    c:\program files\IGWarlord
2010-06-22 01:13 . 2010-06-22 01:13    --------    d-----w-    c:\program files\Visual MP3 Splitter & Joiner
2010-06-21 18:38 . 2010-06-21 18:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TeamSpeak 3 Client
2010-06-21 16:05 . 2010-06-21 16:05    --------    d-----w-    C:\VirtualDJPortable
2010-06-19 02:31 . 2010-06-22 20:33    --------    d-----w-    c:\program files\Crazy Tao
2010-06-19 00:11 . 2010-06-19 00:11    --------    d-----w-    C:\syslog
2010-06-18 16:03 . 2010-06-18 16:15    --------    d-----w-    c:\program files\ProxyFirewall
2010-06-18 02:20 . 2010-06-18 02:20    --------    d-----w-    c:\program files\MIDITracker
2010-06-18 01:44 . 2010-06-18 02:05    --------    d-----w-    c:\program files\HooTech WAV MP3 Converter
2010-06-18 01:30 . 2010-06-18 01:30    985    ----a-w-    c:\windows\system32\SpoonUninstall-dBpowerAMP WSP Codec.dat
2010-06-17 21:47 . 2010-06-17 21:47    --------    d-----w-    c:\program files\Viva Media
2010-06-17 20:13 . 2010-06-17 20:13    --------    d-----w-    c:\programdata\ATI
2010-06-17 19:49 . 2010-06-17 19:49    --------    d-----w-    C:\ATI
2010-06-17 19:48 . 2010-06-17 19:48    --------    d-----w-    C:\AMD
2010-06-17 17:14 . 2010-06-17 23:17    278728    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-06-17 17:12 . 2010-06-17 17:12    18048    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-06-17 05:06 . 2010-06-17 05:06    --------    d-----w-    c:\program files\WinUHA
2010-06-17 03:04 . 2010-06-17 03:05    --------    d-----w-    c:\users\PowerChaos\AppData\Local\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\programdata\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\windows\system32\AGEIA
2010-06-16 04:51 . 2010-06-16 04:51    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-06-16 04:50 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-06-16 04:36 . 2010-06-16 04:36    --------    d-----w-    c:\users\PowerChaos\AppData\Local\ApplicationHistory
2010-06-16 04:36 . 2010-06-16 04:36    98    ----a-w-    c:\users\PowerChaos\AppData\Local\fusioncache.dat
2010-06-16 04:32 . 2010-02-20 23:39    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-06-16 04:32 . 2010-02-20 23:37    31232    ----a-w-    c:\windows\system32\httpapi.dll
2010-06-16 04:32 . 2010-02-20 21:18    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2010-06-16 04:24 . 2010-01-25 08:35    523776    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-06-16 04:23 . 2010-04-23 13:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-06-16 04:22 . 2009-08-10 11:01    1399296    ----a-w-    c:\windows\system32\msxml6.dll
2010-06-16 04:21 . 2009-08-10 13:05    351232    ----a-w-    c:\windows\system32\WSDApi.dll
2010-06-16 03:30 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2010-06-16 03:30 . 2009-09-10 15:21    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-06-16 03:16 . 2010-06-16 03:16    --------    d-----w-    c:\program files\Remote Desktop
2010-06-15 22:21 . 2010-06-15 22:21    --------    d-----w-    c:\programdata\{11D4F6A6-F42B-4D07-984C-B2E62CE04766}
2010-06-15 22:20 . 2010-06-15 22:21    --------    d-----w-    c:\program files\LiveZilla BETA
2010-06-15 19:28 . 2010-06-15 19:28    --------    d-----w-    c:\program files\SmartPCTools
2010-06-15 18:25 . 2010-06-16 20:11    --------    d-----w-    C:\xRumer500
2010-06-15 15:44 . 2010-06-15 15:44    --------    d-----w-    c:\programdata\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\program files\TomTom International B.V
2010-06-15 15:37 . 2010-06-15 15:37    --------    d-----w-    c:\program files\TomTom HOME 2
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\wsbl.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_unmip.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_histprot.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_white.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_summ.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_black.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\pcwords2.dat
2010-06-10 21:17 . 2010-06-10 21:17    --------    d-----w-    C:\Binaries
2010-06-10 15:04 . 2009-03-08 11:32    72704    ----a-w-    c:\windows\system32\admparse.dll
2010-06-10 02:38 . 2010-06-10 02:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\programdata\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\program files\BitDefender
2010-06-10 02:32 . 2010-06-10 02:32    --------    d-----w-    c:\windows\system32\URTTEMP
2010-06-10 02:29 . 2010-06-10 21:17    --------    d-----w-    c:\program files\Common Files\BitDefender
2010-06-10 01:02 . 2010-06-10 01:02    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-08 16:28 . 2010-06-08 16:28    0    ----a-w-    C:\windows1.exe
2010-06-08 16:28 . 2010-06-08 16:28    --------    d--h--w-    c:\program files\NVIDIA
2010-06-08 13:23 . 2010-06-08 13:23    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Unity
2010-06-07 23:00 . 2010-06-07 23:00    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-06-07 17:28 . 2010-06-07 17:28    --------    d-----w-    c:\programdata\WindowsSearch
2010-06-02 04:35 . 2010-06-02 04:35    40960    ----a-w-    c:\windows\system32\cmdshell.dll
2010-06-01 16:01 . 2010-06-01 16:01    --------    d-----w-    C:\My Documents
2010-05-30 19:35 . 2010-05-30 19:44    517348    ----a-w-    c:\windows\null.exe
2010-05-28 00:09 . 2010-05-28 00:09    41872    ----a-w-    c:\windows\system32\xfcodec.dll
2010-05-27 17:02 . 2010-05-27 17:02    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02    511488    ----a-w-    c:\windows\system32\aticfx32.dll
2010-05-27 16:59 . 2010-05-27 16:59    376832    ----a-w-    c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalrt.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalcl.dll
2010-05-27 16:39 . 2010-05-27 16:39    4096000    ----a-w-    c:\windows\system32\aticaldd.dll
2010-05-27 16:35 . 2010-05-27 16:35    50176    ----a-w-    c:\windows\system32\coinst.dll
2010-05-27 16:25 . 2010-05-27 16:25    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    16896    ----a-w-    c:\windows\system32\atigktxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    209920    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-05-27 16:24 . 2010-05-27 16:24    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-05-27 16:24 . 2010-05-27 16:24    22528    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-05-27 16:24 . 2010-05-27 16:24    23040    ----a-w-    c:\windows\system32\atitmpxx.dll
2010-05-27 16:20 . 2010-05-27 16:20    52736    ----a-w-    c:\windows\system32\atimpc32.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 14:31 . 2009-04-06 01:28    1076    ----a-w-    c:\windows\bthservsdp.dat
2010-06-24 14:08 . 2009-06-12 16:03    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\FileZilla
2010-06-24 11:47 . 2009-07-13 23:30    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Vso
2010-06-24 01:37 . 2009-07-02 02:10    --------    d-----w-    c:\program files\VMware
2010-06-24 01:37 . 2009-02-20 07:51    677454    ----a-w-    c:\windows\system32\perfh013.dat
2010-06-24 01:37 . 2009-02-20 07:51    131774    ----a-w-    c:\windows\system32\perfc013.dat
2010-06-24 01:37 . 2009-02-20 07:46    669032    ----a-w-    c:\windows\system32\perfh00C.dat
2010-06-24 01:37 . 2009-02-20 07:46    127838    ----a-w-    c:\windows\system32\perfc00C.dat
2010-06-24 01:32 . 2009-06-19 17:28    --------    d-----w-    c:\programdata\VMware
2010-06-24 01:26 . 2009-02-19 23:56    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-06-23 21:52 . 2009-10-03 18:10    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\uTorrent
2010-06-23 21:52 . 2009-06-12 17:33    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Xfire
2010-06-21 16:25 . 2009-06-12 09:28    76224    ----a-w-    c:\users\PowerChaos\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 16:13 . 2009-11-24 01:29    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Apple Computer
2010-06-18 23:53 . 2009-06-12 17:33    --------    d-----w-    c:\programdata\Xfire
2010-06-18 01:30 . 2010-02-12 16:15    164864    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2010-06-18 00:42 . 2010-04-16 15:53    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-06-17 20:13 . 2009-04-06 01:32    --------    d-----w-    c:\program files\ATI Technologies
2010-06-17 14:43 . 2009-07-02 04:18    --------    d-----w-    c:\program files\Atari
2010-06-17 05:30 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-06-17 03:04 . 2010-02-21 00:31    --------    d-----w-    c:\program files\AGEIA Technologies
2010-06-17 03:03 . 2009-10-04 17:23    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-06-17 02:27 . 2010-03-16 00:12    --------    d-----w-    c:\program files\Ubisoft
2010-06-16 04:56 . 2009-06-12 09:20    --------    d-----w-    c:\programdata\Microsoft Help
2010-06-14 23:59 . 2009-06-14 17:34    --------    d--h--w-    c:\users\PowerChaos\AppData\Roaming\ijjigame
2010-06-11 09:37 . 2009-10-19 15:04    72784    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2010-06-10 21:12 . 2010-05-19 19:55    --------    d-----w-    c:\program files\NCH Software
2010-06-10 17:22 . 2010-05-19 19:56    --------    d-----w-    c:\program files\NCH Swift Sound
2010-06-10 17:17 . 2009-08-08 16:02    --------    d-----w-    c:\program files\Picture Resize Genius
2010-06-10 17:00 . 2010-03-15 22:09    --------    d-----w-    c:\program files\NTFS Undelete
2010-06-10 17:00 . 2009-06-20 16:45    --------    d-----w-    c:\program files\MediaRing
2010-06-10 16:45 . 2010-03-01 22:06    --------    d-----w-    c:\programdata\Alwil Software
2010-06-10 16:37 . 2009-06-12 17:33    --------    d-----w-    c:\program files\Xfire
2010-06-10 01:00 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Java
2010-06-10 00:58 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Common Files\Java
2010-06-07 21:17 . 2009-06-29 23:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Microsoft Games
2010-06-07 21:17 . 2009-06-29 23:39    --------    d-----w-    c:\programdata\Microsoft Games
2010-06-02 04:36 . 2008-01-21 02:24    811896    ------w-    c:\windows\system32\svhosit.exe
2010-05-26 16:16 . 2010-06-16 04:24    34304    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-16 04:24    289792    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-25 02:25 . 2009-06-12 15:43    --------    d-----w-    c:\program files\FlashGet
2010-05-22 20:27 . 2010-03-21 00:06    139152    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:26 . 2010-03-21 00:06    111928    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-05-22 20:10 . 2010-03-21 00:06    22328    ----a-w-    c:\users\PowerChaos\AppData\Roaming\PnkBstrK.sys
2010-05-22 20:10 . 2010-03-21 00:06    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-05-22 20:10 . 2010-05-22 20:10    674600    ----a-w-    c:\windows\system32\pbsvc.exe
2010-05-22 20:06 . 2009-07-02 14:15    --------    d-----w-    c:\program files\GameSpy Arcade
2010-05-22 19:37 . 2009-06-13 16:01    530    ----a-w-    c:\windows\eReg.dat
2010-05-19 20:30 . 2010-05-19 20:30    --------    d-----w-    c:\program files\Livestream Procaster
2010-05-19 19:59 . 2010-05-19 19:56    --------    d-----w-    c:\programdata\NCH Swift Sound
2010-05-19 19:55 . 2010-05-19 19:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NCH Software
2010-05-19 15:03 . 2010-05-19 15:03    --------    d-----w-    c:\program files\Broadcaster
2010-05-19 14:55 . 2009-06-15 01:27    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Skype
2010-05-19 14:03 . 2009-06-15 01:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\skypePM
2010-05-17 15:50 . 2009-06-16 13:28    --------    d-----w-    c:\program files\TallStick
2010-05-17 15:09 . 2006-11-02 07:36    149560    ----a-w-    c:\windows\system32\drivers\adpu320.sys
2010-05-17 13:12 . 2010-05-17 03:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\AKM Antivirus 2010 Pro
2010-05-17 03:53 . 2009-07-14 22:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\DNA
2010-05-17 03:49 . 2010-05-17 03:49    --------    d-----w-    c:\program files\SWF Decompiler Magic
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\Common Files\SourceTec
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\SourceTec
2010-05-17 03:07 . 2010-05-15 16:59    --------    d-----w-    c:\program files\CamStudio
2010-05-15 23:58 . 2010-02-12 14:41    --------    d-----w-    c:\program files\Domus
2010-05-15 17:32 . 2010-05-15 01:52    --------    d-----w-    c:\program files\AmazingMIDI
2010-05-15 17:32 . 2010-02-10 21:54    --------    d-----w-    c:\programdata\BVRP Software
2010-05-15 17:32 . 2010-05-15 17:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\InstallShield
2010-05-15 17:17 . 2010-05-15 01:57    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\dream-mp3-to-midi-converter
2010-05-15 17:16 . 2009-06-16 13:46    --------    d-----w-    c:\program files\VstPlugins
2010-05-15 17:16 . 2009-06-16 13:44    --------    d-----w-    c:\program files\Image-Line
2010-05-15 09:38 . 2010-05-15 09:38    11024    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-05-15 09:38 . 2010-02-12 16:15    15607    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-15 01:47 . 2010-05-15 01:25    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Synthesia
2010-05-13 18:19 . 2009-08-14 18:39    6836    ----a-w-    c:\users\PowerChaos\AppData\Local\d3d9caps.dat
2010-05-13 18:17 . 2009-07-14 22:44    --------    d-----w-    c:\program files\DNA
2010-05-12 16:49 . 2010-05-12 16:49    --------    d-----w-    c:\program files\Rockstar Games
2010-05-12 09:21 . 2010-03-05 14:43    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-12 01:43 . 2010-05-12 01:43    --------    d-----w-    c:\programdata\DivX
2010-05-07 00:20 . 2010-05-07 00:20    --------    d-----w-    c:\program files\ijji
2010-05-05 20:40 . 2009-10-08 21:04    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\.purple
2010-05-05 10:12 . 2009-10-03 18:13    --------    d-----w-    c:\program files\Ask.com
2010-05-05 09:08 . 2010-05-02 16:17    --------    d-----w-    c:\program files\Zynga
2010-05-05 09:01 . 2010-02-11 00:47    --------    d-----w-    c:\program files\AoA DVD Ripper
2010-05-05 08:59 . 2010-04-01 10:30    --------    d-----w-    c:\program files\ElcomSoft
2010-05-05 08:57 . 2010-02-20 14:01    --------    d-----w-    c:\program files\GameHi_USA
2010-05-04 20:54 . 2010-05-04 20:54    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\PeerNetworking
2010-05-04 20:27 . 2009-08-18 19:29    --------    d-----w-    c:\programdata\PMB Files
2010-05-04 12:36 . 2010-05-04 12:36    --------    d-----w-    c:\programdata\PopCap
2010-05-04 05:59 . 2010-06-10 15:06    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 15:06    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 15:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 15:06    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-16 04:22    2036224    ----a-w-    c:\windows\system32\win32k.sys
2010-04-29 15:37 . 2010-04-29 15:37    2137    ----a-w-    c:\windows\system32\atipblag.dat
2010-04-21 22:29 . 2009-10-08 20:21    59    ----a-w-    c:\windows\wpd99.drv
2010-04-16 16:10 . 2010-06-16 04:23    1314816    ----a-w-    c:\windows\system32\quartz.dll
2010-04-05 16:07 . 2010-06-16 04:23    67072    ----a-w-    c:\windows\system32\asycfilt.dll
2010-03-26 19:17 . 2010-03-26 19:17    1736704    ----a-w-    C:\DemonPower_Eo_Beta - BoosterKing - .exe
2010-03-20 03:18 . 2009-06-13 16:40    9    ----a-w-    c:\program files\install_log.dat
2009-02-20 08:11 . 2009-02-20 07:53    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Registry Startup Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 10:05    2353176    ----a-w-    c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]
2010-04-15 10:33    2515552    ----a-w-    c:\program files\DemonPower_Gaming\tbDem0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DBB3A0A6-6A4C-4F70-A042-4CE9F1746A96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-20 3883856]
"Google Update"="c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-20 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-20 289072]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
"Registry Repair Wizard Scheduler"="c:\program files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2008-11-24 1052928]
"Steam"="d:\windows.old.001\program files\steam\steam.exe" [2010-06-17 1238352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2010-01-20 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2010-01-20 2007088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2010-01-20 144784]
"WindowsNull"="c:\windows\null.exe" [2010-05-30 517348]
"LiveZilla"="c:\program files\LiveZilla BETA\LiveZilla.exe" [2010-06-10 2776920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-17 0]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0aswBoot.exe /M:120882429b92

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iReboot 1.1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\iReboot 1.1.0.lnk
backup=c:\windows\pss\iReboot 1.1.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaRing Talk.lnk
backup=c:\windows\pss\MediaRing Talk.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-01-20 10:33    34672    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-03-18 14:25    1123360    ----a-w-    c:\program files\BitDefender\BitDefender 2010\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-10-19 15:05    71152    ----a-w-    c:\program files\BitDefender\BitDefender 2010\ieshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-20 10:33    323392    ----a-w-    c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-01-20 10:33    691656    ----a-w-    c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2010-01-20 10:33    2007088    ----a-w-    c:\progra~1\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-01-20 10:33    54576    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-20 10:33    141600    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2010-01-20 10:33    2793768    ----a-w-    c:\program files\LiveZilla\LiveZilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27    26102056    ----a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-20 10:34    289072    ----a-w-    c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2010-05-23 02:45    1024004    ----a-w-    c:\program files\NCH Swift Sound\VRS\vrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe

R0 iyaqolqu;iyaqolqu; [x]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 RemotMot;Remote Access Auto Connection;c:\windows\system32\svchos..exe [x]
R2 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys [2006-12-03 124416]
R2 teparting serverl;SheCole Authoratio servert;c:\windows\system32\svhosit.exe [2010-06-02 811896]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-20 222512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-06-30 91408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VMMDriver;VMM Driver;c:\users\POWERC~1\AppData\Local\Temp\Rar$EX10.386\Portable Microsoft Virtual Pc 2007\Appdata\bin\VMM\VMM.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2010-01-20 57344]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-06-11 72784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 04:12];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 85128]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-01-20 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2010-01-20 365952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2010-01-20 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2010-01-20 116096]
S2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2010-05-23 1024004]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-12-31 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
bdx    REG_MULTI_SZ       scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-20 10:33    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000Core.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000UA.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-23 c:\windows\Tasks\HPCeeScheduleForPowerChaos.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-19 10:34]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{C1C22144-85F4-4E61-B522-E2B8CFE35474}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604775
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
SSODL-GootkitSSO-{0E08EE0B-A769-4861-913C-04E9CC2B5CA8} - (no file)
MSConfigStartUp-11051 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-11212 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-11223 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-11227 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-11321 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-11777 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-12363 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-1244 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-13405 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-14070 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-15188 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-15289 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-15499 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-15953 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-16715 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-16868 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-17597 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-17598 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-17639 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-18079 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-18496 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-19086 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-20777 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-21998 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-2342 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-23690 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-2541 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-27587 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-3008 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-30501 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-31370 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-31832 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-32029 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-32186 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-3719 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-4262 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-4852 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-5268 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-5890 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-5991 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-6640 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-6907 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-7712 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-8083 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-9605 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-9785 - c:\users\POWERC~1\AppData\Local\Temp\khvcol.exe
MSConfigStartUp-igkcomka - c:\windows\System32\igkcomka.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-{08C5815C-2C6E-44f8-8748-0E61BC9AFB0c} - c:\aeriagames\Latale\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 16:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E231F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x83f0d322
\Driver\ACPI -> acpi.sys @ 0x807add4c
\Driver\atapi -> 0x86e231f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
PE file found in sector at 0x02542D042 !
PE file found in sector at 0x02542D099 !
PE file found in sector at 0x02542D0AD !
PE file found in sector at 0x02542D113 !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1019093574-2568049517-3597755828-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABC35AF4-C577-9EE7-068C-A42F970275E5}*]
"hacipmmbdhdcbimb"=hex:6b,61,65,64,6d,6b,6c,61,67,61,6f,68,68,67,6f,69,6e,68,
   6c,66,6e,64,00,00
"gajjlllekpfmda"=hex:61,63,64,64,62,6f,6c,69,68,64,6e,67,69,70,6e,6e,62,6f,62,
   6d,6d,66,6b,70,67,62,65,64,64,61,6b,6b,6c,61,66,67,64,70,67,66,6b,6b,63,69,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3832)
c:\program files\FlashGet\fgmgr.dll
c:\program files\Xfire\xfire_toucan_42784.dll
c:\windows\system32\btmmhook.dll
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\K-Lite Codec Pack\Filters\mmmpcdmx.ax
c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\mmamr.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\wamp\mysql\bin\mysqld-max-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\windows\system32\conime.exe
c:\users\PowerChaos\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\users\PowerChaos\AppData\Local\Apps\2.0\MNA13DO6.7KZ\C5YC8GWC.T64\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
.
**************************************************************************
.
Voltooingstijd: 2010-06-24  16:52:17 - machine werd herstart
ComboFix-quarantined-files.txt  2010-06-24 14:52

Pre-Run: 3.263.696.896 bytes beschikbaar
Post-Run: 4.718.641.152 bytes beschikbaar

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - DFEE92AB61A5CC7715AA1BBA3CC33CFD


sorry for the late replies and thank you for your support
Greetings From PowerChaos

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2010 - 10:30 AM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
C:\windows1.exe
c:\windows\system32\svchos..exe
c:\windows\system32\svhosit.exe
c:\windows\vtany.sys
c:\windows\xhunter1.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>

Driver::
iyaqolqu
RemotMot
teparting serverl
VMMDriver
vtany
xhunter1


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?
Gringo

Edited by gringo_pr, 24 June 2010 - 10:31 AM.

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
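As an added example (not part of this thread, and not a ComboFix or BleepingComputer tool), the Python script below cross-checks a CFScript like the one above against the removal sections ComboFix writes to its log afterwards, so a helper can see at a glance which requested files and drivers the log confirms as removed and which still need a look. It assumes the Dutch section heading "Andere Verwijderingen" used on this machine (the English "Other Deletions" is accepted too); the sample CFScript and log excerpt are constructed from the entries posted in this thread.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix writes afterwards.
Added example, not a ComboFix or BleepingComputer tool; the sample inputs are
constructed from the entries shown in this thread."""
import re

# Constructed sample: the File:: / DDS:: / Driver:: sections of the helper's CFScript.
CFSCRIPT = r"""
File::
C:\windows1.exe
c:\windows\system32\svchos..exe
c:\windows\system32\svhosit.exe
c:\windows\vtany.sys
c:\windows\xhunter1.sys
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
Driver::
iyaqolqu
RemotMot
teparting serverl
VMMDriver
vtany
xhunter1
"""

# Constructed sample: removal sections of the Dutch ComboFix log (Service_ lines only).
COMBOFIX_LOG = r"""
((((((((((   Andere Verwijderingen   ))))))))))
.
c:\system volume information\_restore{d5fffa500b1b}
c:\windows\null
c:\windows\system32\svhosit.exe
C:\windows1.exe
.
((((((((((   Drivers/Services   ))))))))))
.
-------\Service_iyaqolqu
-------\Service_RemotMot
-------\Service_teparting serverl
-------\Service_VMMDriver
-------\Service_vtany
-------\Service_xhunter1
"""

# The file-deletion heading as ComboFix writes it in Dutch and in English logs.
DELETION_HEADINGS = ("Andere Verwijderingen", "Other Deletions")

def parse_cfscript(text):
    """Return {section: [entries]} for the 'Name::' sections of a CFScript."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def parse_log_sections(text):
    """Return {heading: [entries]} for the '((( Heading )))' blocks of a log."""
    heading = re.compile(r"^\(+\s*(.*?)\s*\)+$")
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = heading.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def reconcile(cfscript_text, log_text):
    """Map each File:: and Driver:: entry to True when the log shows it removed;
    DDS:: registry entries are not echoed there, so they are passed through."""
    script = parse_cfscript(cfscript_text)
    log = parse_log_sections(log_text)
    deleted = set()
    for heading in DELETION_HEADINGS:
        deleted.update(p.lower() for p in log.get(heading, []))
    # Removed drivers are listed as -------\Legacy_NAME and -------\Service_NAME.
    services = set()
    for entry in log.get("Drivers/Services", []):
        match = re.match(r"-+\\(?:Legacy|Service)_(.+)$", entry)
        if match:
            services.add(match.group(1).lower())
    return {
        "files": {p: p.lower() in deleted for p in script.get("File", [])},
        "drivers": {d: d.lower() in services for d in script.get("Driver", [])},
        "dds": list(script.get("DDS", [])),
    }

def unconfirmed(report):
    """Requested files and drivers the log does not confirm as removed."""
    return [name for key in ("files", "drivers")
            for name, ok in report[key].items() if not ok]
```

Files the script names but the log never lists (here svchos..exe and the two .sys files) may simply have been gone already, so they are reported for a manual check rather than as failures.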

#9 PowerChaos
  • Topic Starter
  • Members
  • 12 posts

Posted 24 June 2010 - 12:15 PM

hi,
From the moment I did the scan, all internet connection was lost; it rebooted the PC and then it finished.

After the reboot the internet was back.

here is the log

CODE
ComboFix 10-06-23.05 - PowerChaos 24/06/2010  18:13:25.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3068.1794 [GMT 2:00]
Gestart vanuit: c:\users\PowerChaos\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\PowerChaos\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\svchos..exe"
"c:\windows\system32\svhosit.exe"
"c:\windows\vtany.sys"
"c:\windows\xhunter1.sys"
"C:\windows1.exe"
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\_restore{d5fffa500b1b}
c:\windows\null
c:\windows\system32\svhosit.exe
C:\windows1.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IYAQOLQU
-------\Legacy_VMMDRIVER
-------\Legacy_VTANY
-------\Legacy_XHUNTER1
-------\Service_iyaqolqu
-------\Service_RemotMot
-------\Service_teparting serverl
-------\Service_VMMDriver
-------\Service_vtany
-------\Service_xhunter1


((((((((((((((((((((   Bestanden Gemaakt van 2010-05-24 to 2010-06-24  ))))))))))))))))))))))))))))))
.

2010-06-24 16:25 . 2010-06-24 16:25    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-06-24 16:25 . 2010-06-24 16:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-06-24 14:29 . 2010-06-24 16:47    --------    d-----w-    c:\users\PowerChaos\AppData\Local\temp
2010-06-24 01:26 . 2010-06-24 01:26    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\Common Files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\programdata\NetSarang
2010-06-24 01:06 . 2010-06-24 01:06    --------    d-----w-    c:\program files\RealVNC
2010-06-24 00:56 . 2010-06-24 00:56    --------    d-----w-    c:\program files\TightVNC
2010-06-23 02:17 . 2010-06-23 02:17    --------    d-----w-    c:\programdata\Isotx
2010-06-23 02:02 . 2010-06-23 02:03    --------    d-----w-    c:\program files\IGWarlord
2010-06-22 01:13 . 2010-06-22 01:13    --------    d-----w-    c:\program files\Visual MP3 Splitter & Joiner
2010-06-21 18:38 . 2010-06-21 18:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TeamSpeak 3 Client
2010-06-21 16:05 . 2010-06-21 16:05    --------    d-----w-    C:\VirtualDJPortable
2010-06-19 02:31 . 2010-06-22 20:33    --------    d-----w-    c:\program files\Crazy Tao
2010-06-19 00:11 . 2010-06-19 00:11    --------    d-----w-    C:\syslog
2010-06-18 16:03 . 2010-06-18 16:15    --------    d-----w-    c:\program files\ProxyFirewall
2010-06-18 02:20 . 2010-06-18 02:20    --------    d-----w-    c:\program files\MIDITracker
2010-06-18 01:44 . 2010-06-18 02:05    --------    d-----w-    c:\program files\HooTech WAV MP3 Converter
2010-06-18 01:30 . 2010-06-18 01:30    985    ----a-w-    c:\windows\system32\SpoonUninstall-dBpowerAMP WSP Codec.dat
2010-06-17 21:47 . 2010-06-17 21:47    --------    d-----w-    c:\program files\Viva Media
2010-06-17 20:13 . 2010-06-17 20:13    --------    d-----w-    c:\programdata\ATI
2010-06-17 19:49 . 2010-06-17 19:49    --------    d-----w-    C:\ATI
2010-06-17 19:48 . 2010-06-17 19:48    --------    d-----w-    C:\AMD
2010-06-17 17:14 . 2010-06-17 23:17    278728    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-06-17 17:12 . 2010-06-17 17:12    18048    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-06-17 05:06 . 2010-06-17 05:06    --------    d-----w-    c:\program files\WinUHA
2010-06-17 03:04 . 2010-06-17 03:05    --------    d-----w-    c:\users\PowerChaos\AppData\Local\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\programdata\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\windows\system32\AGEIA
2010-06-16 04:51 . 2010-06-16 04:51    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-06-16 04:50 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-06-16 04:36 . 2010-06-16 04:36    --------    d-----w-    c:\users\PowerChaos\AppData\Local\ApplicationHistory
2010-06-16 04:36 . 2010-06-16 04:36    98    ----a-w-    c:\users\PowerChaos\AppData\Local\fusioncache.dat
2010-06-16 04:32 . 2010-02-20 23:39    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-06-16 04:32 . 2010-02-20 23:37    31232    ----a-w-    c:\windows\system32\httpapi.dll
2010-06-16 04:32 . 2010-02-20 21:18    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2010-06-16 04:24 . 2010-01-25 08:35    523776    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-06-16 04:23 . 2010-04-23 13:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-06-16 04:22 . 2009-08-10 11:01    1399296    ----a-w-    c:\windows\system32\msxml6.dll
2010-06-16 04:21 . 2009-08-10 13:05    351232    ----a-w-    c:\windows\system32\WSDApi.dll
2010-06-16 03:30 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2010-06-16 03:30 . 2009-09-10 15:21    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-06-16 03:16 . 2010-06-16 03:16    --------    d-----w-    c:\program files\Remote Desktop
2010-06-15 22:21 . 2010-06-15 22:21    --------    d-----w-    c:\programdata\{11D4F6A6-F42B-4D07-984C-B2E62CE04766}
2010-06-15 22:20 . 2010-06-15 22:21    --------    d-----w-    c:\program files\LiveZilla BETA
2010-06-15 19:28 . 2010-06-15 19:28    --------    d-----w-    c:\program files\SmartPCTools
2010-06-15 18:25 . 2010-06-16 20:11    --------    d-----w-    C:\xRumer500
2010-06-15 15:44 . 2010-06-15 15:44    --------    d-----w-    c:\programdata\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\program files\TomTom International B.V
2010-06-15 15:37 . 2010-06-15 15:37    --------    d-----w-    c:\program files\TomTom HOME 2
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\wsbl.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_unmip.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_histprot.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_white.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_summ.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_black.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\pcwords2.dat
2010-06-10 21:17 . 2010-06-10 21:17    --------    d-----w-    C:\Binaries
2010-06-10 15:04 . 2009-03-08 11:32    72704    ----a-w-    c:\windows\system32\admparse.dll
2010-06-10 02:38 . 2010-06-10 02:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\programdata\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\program files\BitDefender
2010-06-10 02:32 . 2010-06-10 02:32    --------    d-----w-    c:\windows\system32\URTTEMP
2010-06-10 02:29 . 2010-06-10 21:17    --------    d-----w-    c:\program files\Common Files\BitDefender
2010-06-10 01:02 . 2010-06-10 01:02    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-08 16:28 . 2010-06-08 16:28    --------    d--h--w-    c:\program files\NVIDIA
2010-06-08 13:23 . 2010-06-08 13:23    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Unity
2010-06-07 23:00 . 2010-06-07 23:00    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-06-07 17:28 . 2010-06-07 17:28    --------    d-----w-    c:\programdata\WindowsSearch
2010-06-02 04:35 . 2010-06-02 04:35    40960    ----a-w-    c:\windows\system32\cmdshell.dll
2010-06-01 16:01 . 2010-06-01 16:01    --------    d-----w-    C:\My Documents
2010-05-30 19:35 . 2010-05-30 19:44    517348    ----a-w-    c:\windows\null.exe
2010-05-28 00:09 . 2010-05-28 00:09    41872    ----a-w-    c:\windows\system32\xfcodec.dll
2010-05-27 17:02 . 2010-05-27 17:02    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02    511488    ----a-w-    c:\windows\system32\aticfx32.dll
2010-05-27 16:59 . 2010-05-27 16:59    376832    ----a-w-    c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalrt.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalcl.dll
2010-05-27 16:39 . 2010-05-27 16:39    4096000    ----a-w-    c:\windows\system32\aticaldd.dll
2010-05-27 16:35 . 2010-05-27 16:35    50176    ----a-w-    c:\windows\system32\coinst.dll
2010-05-27 16:25 . 2010-05-27 16:25    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    16896    ----a-w-    c:\windows\system32\atigktxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    209920    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-05-27 16:24 . 2010-05-27 16:24    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-05-27 16:24 . 2010-05-27 16:24    22528    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-05-27 16:24 . 2010-05-27 16:24    23040    ----a-w-    c:\windows\system32\atitmpxx.dll
2010-05-27 16:20 . 2010-05-27 16:20    52736    ----a-w-    c:\windows\system32\atimpc32.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 16:26 . 2009-04-06 01:28    1076    ----a-w-    c:\windows\bthservsdp.dat
2010-06-24 16:26 . 2009-10-03 18:10    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\uTorrent
2010-06-24 16:02 . 2009-02-20 07:51    677454    ----a-w-    c:\windows\system32\perfh013.dat
2010-06-24 16:02 . 2009-02-20 07:51    131774    ----a-w-    c:\windows\system32\perfc013.dat
2010-06-24 16:02 . 2009-02-20 07:46    669032    ----a-w-    c:\windows\system32\perfh00C.dat
2010-06-24 16:02 . 2009-02-20 07:46    127838    ----a-w-    c:\windows\system32\perfc00C.dat
2010-06-24 15:01 . 2009-06-12 17:33    --------    d-----w-    c:\programdata\Xfire
2010-06-24 14:08 . 2009-06-12 16:03    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\FileZilla
2010-06-24 11:47 . 2009-07-13 23:30    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Vso
2010-06-24 01:37 . 2009-07-02 02:10    --------    d-----w-    c:\program files\VMware
2010-06-24 01:32 . 2009-06-19 17:28    --------    d-----w-    c:\programdata\VMware
2010-06-24 01:26 . 2009-02-19 23:56    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-06-23 21:52 . 2009-06-12 17:33    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Xfire
2010-06-21 16:25 . 2009-06-12 09:28    76224    ----a-w-    c:\users\PowerChaos\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 16:13 . 2009-11-24 01:29    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Apple Computer
2010-06-18 01:30 . 2010-02-12 16:15    164864    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2010-06-18 00:42 . 2010-04-16 15:53    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-06-17 20:13 . 2009-04-06 01:32    --------    d-----w-    c:\program files\ATI Technologies
2010-06-17 14:43 . 2009-07-02 04:18    --------    d-----w-    c:\program files\Atari
2010-06-17 05:30 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-06-17 03:04 . 2010-02-21 00:31    --------    d-----w-    c:\program files\AGEIA Technologies
2010-06-17 03:03 . 2009-10-04 17:23    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-06-17 02:27 . 2010-03-16 00:12    --------    d-----w-    c:\program files\Ubisoft
2010-06-16 04:56 . 2009-06-12 09:20    --------    d-----w-    c:\programdata\Microsoft Help
2010-06-14 23:59 . 2009-06-14 17:34    --------    d--h--w-    c:\users\PowerChaos\AppData\Roaming\ijjigame
2010-06-11 09:37 . 2009-10-19 15:04    72784    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2010-06-10 21:12 . 2010-05-19 19:55    --------    d-----w-    c:\program files\NCH Software
2010-06-10 17:22 . 2010-05-19 19:56    --------    d-----w-    c:\program files\NCH Swift Sound
2010-06-10 17:17 . 2009-08-08 16:02    --------    d-----w-    c:\program files\Picture Resize Genius
2010-06-10 17:00 . 2010-03-15 22:09    --------    d-----w-    c:\program files\NTFS Undelete
2010-06-10 17:00 . 2009-06-20 16:45    --------    d-----w-    c:\program files\MediaRing
2010-06-10 16:45 . 2010-03-01 22:06    --------    d-----w-    c:\programdata\Alwil Software
2010-06-10 16:37 . 2009-06-12 17:33    --------    d-----w-    c:\program files\Xfire
2010-06-10 01:00 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Java
2010-06-10 00:58 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Common Files\Java
2010-06-07 21:17 . 2009-06-29 23:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Microsoft Games
2010-06-07 21:17 . 2009-06-29 23:39    --------    d-----w-    c:\programdata\Microsoft Games
2010-05-26 16:16 . 2010-06-16 04:24    34304    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-16 04:24    289792    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-26 13:24 . 2010-04-27 16:39    18488    ----a-w-    c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-25 02:25 . 2009-06-12 15:43    --------    d-----w-    c:\program files\FlashGet
2010-05-22 20:27 . 2010-03-21 00:06    139152    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:26 . 2010-03-21 00:06    111928    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-05-22 20:10 . 2010-03-21 00:06    22328    ----a-w-    c:\users\PowerChaos\AppData\Roaming\PnkBstrK.sys
2010-05-22 20:10 . 2010-03-21 00:06    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-05-22 20:10 . 2010-05-22 20:10    674600    ----a-w-    c:\windows\system32\pbsvc.exe
2010-05-22 20:06 . 2009-07-02 14:15    --------    d-----w-    c:\program files\GameSpy Arcade
2010-05-22 19:37 . 2009-06-13 16:01    530    ----a-w-    c:\windows\eReg.dat
2010-05-19 20:30 . 2010-05-19 20:30    --------    d-----w-    c:\program files\Livestream Procaster
2010-05-19 19:59 . 2010-05-19 19:56    --------    d-----w-    c:\programdata\NCH Swift Sound
2010-05-19 19:55 . 2010-05-19 19:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NCH Software
2010-05-19 15:03 . 2010-05-19 15:03    --------    d-----w-    c:\program files\Broadcaster
2010-05-19 14:55 . 2009-06-15 01:27    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Skype
2010-05-19 14:03 . 2009-06-15 01:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\skypePM
2010-05-17 15:50 . 2009-06-16 13:28    --------    d-----w-    c:\program files\TallStick
2010-05-17 15:09 . 2006-11-02 07:36    149560    ----a-w-    c:\windows\system32\drivers\adpu320.sys
2010-05-17 13:12 . 2010-05-17 03:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\AKM Antivirus 2010 Pro
2010-05-17 03:53 . 2009-07-14 22:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\DNA
2010-05-17 03:49 . 2010-05-17 03:49    --------    d-----w-    c:\program files\SWF Decompiler Magic
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\Common Files\SourceTec
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\SourceTec
2010-05-17 03:07 . 2010-05-15 16:59    --------    d-----w-    c:\program files\CamStudio
2010-05-15 23:58 . 2010-02-12 14:41    --------    d-----w-    c:\program files\Domus
2010-05-15 17:32 . 2010-05-15 01:52    --------    d-----w-    c:\program files\AmazingMIDI
2010-05-15 17:32 . 2010-02-10 21:54    --------    d-----w-    c:\programdata\BVRP Software
2010-05-15 17:32 . 2010-05-15 17:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\InstallShield
2010-05-15 17:17 . 2010-05-15 01:57    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\dream-mp3-to-midi-converter
2010-05-15 17:16 . 2009-06-16 13:46    --------    d-----w-    c:\program files\VstPlugins
2010-05-15 17:16 . 2009-06-16 13:44    --------    d-----w-    c:\program files\Image-Line
2010-05-15 09:38 . 2010-05-15 09:38    11024    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-05-15 09:38 . 2010-02-12 16:15    15607    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-15 01:47 . 2010-05-15 01:25    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Synthesia
2010-05-13 18:19 . 2009-08-14 18:39    6836    ----a-w-    c:\users\PowerChaos\AppData\Local\d3d9caps.dat
2010-05-13 18:17 . 2009-07-14 22:44    --------    d-----w-    c:\program files\DNA
2010-05-12 16:49 . 2010-05-12 16:49    --------    d-----w-    c:\program files\Rockstar Games
2010-05-12 09:21 . 2010-03-05 14:43    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-12 01:43 . 2010-05-12 01:43    --------    d-----w-    c:\programdata\DivX
2010-05-07 00:20 . 2010-05-07 00:20    --------    d-----w-    c:\program files\ijji
2010-05-05 20:40 . 2009-10-08 21:04    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\.purple
2010-05-05 10:12 . 2009-10-03 18:13    --------    d-----w-    c:\program files\Ask.com
2010-05-05 09:08 . 2010-05-02 16:17    --------    d-----w-    c:\program files\Zynga
2010-05-05 09:01 . 2010-02-11 00:47    --------    d-----w-    c:\program files\AoA DVD Ripper
2010-05-05 08:59 . 2010-04-01 10:30    --------    d-----w-    c:\program files\ElcomSoft
2010-05-05 08:57 . 2010-02-20 14:01    --------    d-----w-    c:\program files\GameHi_USA
2010-05-04 20:54 . 2010-05-04 20:54    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\PeerNetworking
2010-05-04 20:27 . 2009-08-18 19:29    --------    d-----w-    c:\programdata\PMB Files
2010-05-04 12:36 . 2010-05-04 12:36    --------    d-----w-    c:\programdata\PopCap
2010-05-04 05:59 . 2010-06-10 15:06    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 15:06    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 15:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 15:06    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-16 04:22    2036224    ----a-w-    c:\windows\system32\win32k.sys
2010-04-29 15:37 . 2010-04-29 15:37    2137    ----a-w-    c:\windows\system32\atipblag.dat
2010-04-21 22:29 . 2009-10-08 20:21    59    ----a-w-    c:\windows\wpd99.drv
2010-04-16 16:10 . 2010-06-16 04:23    1314816    ----a-w-    c:\windows\system32\quartz.dll
2010-04-15 16:49 . 2010-03-09 17:23    1335048    ----a-w-    c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-08 14:48 . 2010-03-16 17:47    17160    ----a-w-    c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 15:52 . 2010-04-27 16:39    18184    ----a-w-    c:\windows\Help\OEM\scripts\HC_Launch.exe
2010-04-05 16:07 . 2010-06-16 04:23    67072    ----a-w-    c:\windows\system32\asycfilt.dll
2010-03-26 19:17 . 2010-03-26 19:17    1736704    ----a-w-    C:\DemonPower_Eo_Beta - BoosterKing - .exe
2009-02-20 08:11 . 2009-02-20 07:53    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 10:05    2353176    ----a-w-    c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]
2010-04-15 10:33    2515552    ----a-w-    c:\program files\DemonPower_Gaming\tbDem0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DBB3A0A6-6A4C-4F70-A042-4CE9F1746A96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-20 3883856]
"Google Update"="c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-20 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-20 289072]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
"Registry Repair Wizard Scheduler"="c:\program files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2008-11-24 1052928]
"Steam"="d:\windows.old.001\program files\steam\steam.exe" [2010-06-17 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2010-01-20 2007088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2010-01-20 144784]
"WindowsNull"="c:\windows\null.exe" [2010-05-30 517348]
"LiveZilla"="c:\program files\LiveZilla BETA\LiveZilla.exe" [2010-06-10 2776920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-17 0]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0aswBoot.exe /M:120882429b92

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iReboot 1.1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\iReboot 1.1.0.lnk
backup=c:\windows\pss\iReboot 1.1.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaRing Talk.lnk
backup=c:\windows\pss\MediaRing Talk.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-01-20 10:33    34672    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-03-18 14:25    1123360    ----a-w-    c:\program files\BitDefender\BitDefender 2010\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-10-19 15:05    71152    ----a-w-    c:\program files\BitDefender\BitDefender 2010\ieshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-20 10:33    323392    ----a-w-    c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-01-20 10:33    691656    ----a-w-    c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2010-01-20 10:33    2007088    ----a-w-    c:\progra~1\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-01-20 10:33    54576    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-20 10:33    141600    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2010-01-20 10:33    2793768    ----a-w-    c:\program files\LiveZilla\LiveZilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27    26102056    ----a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-20 10:34    289072    ----a-w-    c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2010-05-23 02:45    1024004    ----a-w-    c:\program files\NCH Swift Sound\VRS\vrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys [2006-12-03 124416]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-20 222512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-06-30 91408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]
R4 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2010-01-20 57344]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-06-11 72784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 04:12];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 85128]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-01-20 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2010-01-20 365952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2010-01-20 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2010-01-20 116096]
S2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2010-05-23 1024004]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-12-31 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
bdx    REG_MULTI_SZ       scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-20 10:33    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000Core.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000UA.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-23 c:\windows\Tasks\HPCeeScheduleForPowerChaos.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-19 10:34]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{C1C22144-85F4-4E61-B522-E2B8CFE35474}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604775
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 18:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1019093574-2568049517-3597755828-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABC35AF4-C577-9EE7-068C-A42F970275E5}*]
"hacipmmbdhdcbimb"=hex:6b,61,65,64,6d,6b,6c,61,67,61,6f,68,68,67,6f,69,6e,68,
   6c,66,6e,64,00,00
"gajjlllekpfmda"=hex:61,63,64,64,62,6f,6c,69,68,64,6e,67,69,70,6e,6e,62,6f,62,
   6d,6d,66,6b,70,67,62,65,64,64,61,6b,6b,6c,61,66,67,64,70,67,66,6b,6b,63,69,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3900)
c:\program files\FlashGet\fgmgr.dll
c:\program files\Xfire\xfire_toucan_42784.dll
c:\windows\system32\btmmhook.dll
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\K-Lite Codec Pack\Filters\mmmpcdmx.ax
c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\mmamr.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\wamp\mysql\bin\mysqld-max-nt.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conime.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\users\PowerChaos\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
.
**************************************************************************
.
Completion time: 2010-06-24  18:57:49 - machine was restarted
ComboFix-quarantined-files.txt  2010-06-24 16:57
ComboFix2.txt  2010-06-24 14:52

Pre-Run: 5.389.516.800 bytes free
Post-Run: 4.892.139.520 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - ECFBA7ABC7F6627660A9BB34B85DA8CF


Thank you
Greetings From PowerChaos

PS: a bit off-topic question
The logs are in Dutch, so I was wondering if we can speak Dutch here, or whether we need to keep talking English on the forum :D

Edited by PowerChaos, 24 June 2010 - 12:17 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 24 June 2010 - 12:36 PM

Greetings

Quote (PowerChaos): The logs are in Dutch, so I was wondering if we can speak Dutch here, or whether we need to keep talking English on the forum :D

I speak no Dutch, so it would not do us any good to speak Dutch.

I still see some things that we need to fix

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
RegNull::
[HKEY_USERS\S-1-5-21-1019093574-2568049517-3597755828-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABC35AF4-C577-9EE7-068C-A42F970275E5}*]


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
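The key that the CFScript above nulls is the one ComboFix listed under LOCKED REGISTRY KEYS in the log in post #9: a key under Shell Extensions\Approved whose name carries a trailing "*", holding values with random-looking lowercase names and REG_BINARY data. Values under that path are normally named by a CLSID and hold a readable description string, so both the names and the data here are worth a closer look. The following Python is an added example written for this page, not code from the thread, from ComboFix, or from the helper: it parses that block of the log (copied into the script as constructed sample input, truncated second value included), decodes the hex data to ASCII, and reports which keys a helper would put under RegNull::. Two assumptions are its own and not documented on the page: it treats the trailing "*" on a key path as a marker for a key the tool could not read normally, and it treats a value name of twelve or more lowercase letters as machine-generated. Function names (`parse_locked_keys`, `decode_value`, `triage`, `regnull_targets`) are hypothetical.

```python
import re

# Constructed sample: the LOCKED REGISTRY KEYS block from the ComboFix log
# posted above, copied as-is (the second hex value is cut off in the log).
SAMPLE_LOCKED_SECTION = r"""
[HKEY_USERS\S-1-5-21-1019093574-2568049517-3597755828-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABC35AF4-C577-9EE7-068C-A42F970275E5}*]
"hacipmmbdhdcbimb"=hex:6b,61,65,64,6d,6b,6c,61,67,61,6f,68,68,67,6f,69,6e,68,
   6c,66,6e,64,00,00
"gajjlllekpfmda"=hex:61,63,64,64,62,6f,6c,69,68,64,6e,67,69,70,6e,6e,62,6f,62,
   6d,6d,66,6b,70,67,62,65,64,64,61,6b,6b,6c,61,66,67,64,70,67,66,6b,6b,63,69,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(hex|dword):(.*)$')
# Heuristic (an assumption, not a ComboFix rule): a value name made of 12+
# lowercase letters and nothing else is treated as machine-generated.
RANDOM_NAME_RE = re.compile(r"^[a-z]{12,}$")


def parse_locked_keys(text):
    """Parse the locked-keys block into a list of {path, acl, values} dicts.

    Hex data may span several lines; fragments are joined in order. A hex
    value whose last fragment still ends in ',' (or ',\\') never received its
    final byte, which is how the log shows a truncated value.
    """
    keys, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if raw[:1].isspace() and pending is not None:
            # indented line: continuation of the hex value started above
            current["values"][pending]["fragments"].append(line.strip())
            continue
        pending = None
        m = KEY_RE.match(line)
        if m:
            current = {"path": m.group(1), "acl": [], "values": {}}
            keys.append(current)
            continue
        if current is None:
            continue
        if line.startswith("@"):
            current["acl"].append(line)  # @Denied / @Allowed ACL lines
            continue
        m = VALUE_RE.match(line)
        if m:
            name, kind, data = m.groups()
            current["values"][name] = {"kind": kind, "fragments": [data.strip()]}
            if kind == "hex":
                pending = name
    return keys


def decode_value(entry):
    """Return (decoded, truncated) for one parsed value.

    REG_BINARY data is decoded as ASCII after trailing NULs are stripped;
    non-printable bytes become U+FFFD so the output stays readable.
    """
    joined = "".join(entry["fragments"]).replace("\\", "")
    if entry["kind"] == "dword":
        return int(joined, 16), False
    truncated = joined.endswith(",")
    data = bytes(int(b, 16) for b in joined.split(",") if b)
    return data.rstrip(b"\x00").decode("ascii", errors="replace"), truncated


def triage(text):
    """Decode every locked key and mark the ones worth nulling."""
    findings = []
    for key in parse_locked_keys(text):
        values = {}
        for name, entry in key["values"].items():
            decoded, truncated = decode_value(entry)
            values[name] = {
                "kind": entry["kind"],
                "decoded": decoded,
                "truncated": truncated,
                "randomized": RANDOM_NAME_RE.match(name) is not None,
            }
        hidden_marker = key["path"].endswith("*")  # assumption, see lead-in
        findings.append({
            "path": key["path"],
            "hidden_marker": hidden_marker,
            "acl": key["acl"],
            "values": values,
            "suspicious": hidden_marker or any(v["randomized"] for v in values.values()),
        })
    return findings


def regnull_targets(findings):
    """Key paths a helper would list under RegNull:: in a CFScript."""
    return [f["path"] for f in findings if f["suspicious"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOCKED_SECTION):
        print(("SUSPICIOUS " if f["suspicious"] else "ok         ") + f["path"])
        for name, v in f["values"].items():
            flag = " [truncated]" if v["truncated"] else ""
            print(f"    {name} ({v['kind']}): {v['decoded']!r}{flag}")
```

Run as-is, the script flags only the first key, which is exactly the path in the helper's RegNull:: line; the decoded data of its first value is another run of random lowercase letters, not a shell-extension description. The second key is not flagged: it carries only a restrictive ACL and a single DWORD, and a key being listed as locked is by itself not evidence of infection.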

#11 PowerChaos

  • Topic Starter
  • Members
  • 12 posts

Posted 24 June 2010 - 08:41 PM
Posted 24 June 2010 - 08:41 PM

Hi,
Here is the log of the latest scan.
Sorry for the late reply, but after the last message I wasn't home anymore (it's 3:40 am at this moment).

Here is the log below:
CODE
ComboFix 10-06-23.05 - PowerChaos 24/06/2010  20:13:15.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.32.1043.18.3068.1623 [GMT 2:00]
Running from: c:\users\PowerChaos\Desktop\ComboFix.exe
Command switches used :: c:\users\PowerChaos\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\null

.
((((((((((((((((((((   Files Created from 2010-05-24 to 2010-06-24  ))))))))))))))))))))))))))))))
.

2010-06-24 18:25 . 2010-06-24 18:25    --------    d-----w-    c:\users\Public\AppData\Local\temp
2010-06-24 18:25 . 2010-06-24 18:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-06-24 14:29 . 2010-06-24 18:25    --------    d-----w-    c:\users\PowerChaos\AppData\Local\temp
2010-06-24 01:26 . 2010-06-24 01:26    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\program files\Common Files\NetSarang
2010-06-24 01:24 . 2010-06-24 01:24    --------    d-----w-    c:\programdata\NetSarang
2010-06-24 01:06 . 2010-06-24 01:06    --------    d-----w-    c:\program files\RealVNC
2010-06-24 00:56 . 2010-06-24 00:56    --------    d-----w-    c:\program files\TightVNC
2010-06-23 02:17 . 2010-06-23 02:17    --------    d-----w-    c:\programdata\Isotx
2010-06-23 02:02 . 2010-06-23 02:03    --------    d-----w-    c:\program files\IGWarlord
2010-06-22 01:13 . 2010-06-22 01:13    --------    d-----w-    c:\program files\Visual MP3 Splitter & Joiner
2010-06-21 18:38 . 2010-06-21 18:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TeamSpeak 3 Client
2010-06-21 16:05 . 2010-06-21 16:05    --------    d-----w-    C:\VirtualDJPortable
2010-06-19 02:31 . 2010-06-22 20:33    --------    d-----w-    c:\program files\Crazy Tao
2010-06-19 00:11 . 2010-06-19 00:11    --------    d-----w-    C:\syslog
2010-06-18 16:03 . 2010-06-18 16:15    --------    d-----w-    c:\program files\ProxyFirewall
2010-06-18 02:20 . 2010-06-18 02:20    --------    d-----w-    c:\program files\MIDITracker
2010-06-18 01:44 . 2010-06-18 02:05    --------    d-----w-    c:\program files\HooTech WAV MP3 Converter
2010-06-18 01:30 . 2010-06-18 01:30    985    ----a-w-    c:\windows\system32\SpoonUninstall-dBpowerAMP WSP Codec.dat
2010-06-17 21:47 . 2010-06-17 21:47    --------    d-----w-    c:\program files\Viva Media
2010-06-17 20:13 . 2010-06-17 20:13    --------    d-----w-    c:\programdata\ATI
2010-06-17 19:49 . 2010-06-17 19:49    --------    d-----w-    C:\ATI
2010-06-17 19:48 . 2010-06-17 19:48    --------    d-----w-    C:\AMD
2010-06-17 17:14 . 2010-06-17 23:17    278728    ----a-w-    c:\windows\system32\drivers\atksgt.sys
2010-06-17 17:12 . 2010-06-17 17:12    18048    ----a-w-    c:\windows\system32\drivers\lirsgt.sys
2010-06-17 05:06 . 2010-06-17 05:06    --------    d-----w-    c:\program files\WinUHA
2010-06-17 03:04 . 2010-06-17 03:05    --------    d-----w-    c:\users\PowerChaos\AppData\Local\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\programdata\LAG
2010-06-17 03:04 . 2010-06-17 03:04    --------    d-----w-    c:\windows\system32\AGEIA
2010-06-16 04:51 . 2010-06-16 04:51    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-06-16 04:50 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2010-06-16 04:36 . 2010-06-16 04:36    --------    d-----w-    c:\users\PowerChaos\AppData\Local\ApplicationHistory
2010-06-16 04:36 . 2010-06-16 04:36    98    ----a-w-    c:\users\PowerChaos\AppData\Local\fusioncache.dat
2010-06-16 04:32 . 2010-02-20 23:39    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-06-16 04:32 . 2010-02-20 23:37    31232    ----a-w-    c:\windows\system32\httpapi.dll
2010-06-16 04:32 . 2010-02-20 21:18    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2010-06-16 04:24 . 2010-01-25 08:35    523776    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2010-06-16 04:23 . 2010-04-23 13:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-06-16 04:22 . 2009-08-10 11:01    1399296    ----a-w-    c:\windows\system32\msxml6.dll
2010-06-16 04:21 . 2009-08-10 13:05    351232    ----a-w-    c:\windows\system32\WSDApi.dll
2010-06-16 03:30 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2010-06-16 03:30 . 2009-09-10 15:21    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-06-16 03:16 . 2010-06-16 03:16    --------    d-----w-    c:\program files\Remote Desktop
2010-06-15 22:21 . 2010-06-15 22:21    --------    d-----w-    c:\programdata\{11D4F6A6-F42B-4D07-984C-B2E62CE04766}
2010-06-15 22:21 . 2010-06-10 11:34    575060    ----a-w-    c:\programdata\{11D4F6A6-F42B-4D07-984C-B2E62CE04766}\mia.dll
2010-06-15 22:21 . 2010-06-10 11:34    2204537    ----a-w-    c:\programdata\{11D4F6A6-F42B-4D07-984C-B2E62CE04766}\LiveZilla_3.2.0.0_Full.exe
2010-06-15 22:20 . 2010-06-15 22:21    --------    d-----w-    c:\program files\LiveZilla BETA
2010-06-15 19:28 . 2010-06-15 19:28    --------    d-----w-    c:\program files\SmartPCTools
2010-06-15 18:25 . 2010-06-16 20:11    --------    d-----w-    C:\xRumer500
2010-06-15 15:44 . 2010-06-15 15:44    --------    d-----w-    c:\programdata\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\users\PowerChaos\AppData\Local\TomTom
2010-06-15 15:38 . 2010-06-15 15:38    --------    d-----w-    c:\program files\TomTom International B.V
2010-06-15 15:37 . 2010-06-15 15:37    --------    d-----w-    c:\program files\TomTom HOME 2
2010-06-14 23:54 . 2010-06-14 23:54    509708424    ----a-w-    c:\users\PowerChaos\AppData\Roaming\ijjigame\U_SFInstaller.exe
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\wsbl.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_unmip.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\phar_histprot.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_white.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_summ.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\ph_black.dat
2010-06-11 09:47 . 2010-06-11 09:47    0    ----a-w-    c:\windows\system32\pcwords2.dat
2010-06-10 21:17 . 2010-06-10 21:17    --------    d-----w-    C:\Binaries
2010-06-10 15:04 . 2009-03-08 11:32    72704    ----a-w-    c:\windows\system32\admparse.dll
2010-06-10 02:38 . 2010-06-10 02:38    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\programdata\BitDefender
2010-06-10 02:37 . 2010-06-10 21:17    --------    d-----w-    c:\program files\BitDefender
2010-06-10 02:32 . 2010-06-10 02:32    --------    d-----w-    c:\windows\system32\URTTEMP
2010-06-10 02:29 . 2010-06-10 21:17    --------    d-----w-    c:\program files\Common Files\BitDefender
2010-06-10 01:02 . 2010-06-10 01:02    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-06-08 16:28 . 2010-06-08 16:28    --------    d--h--w-    c:\program files\NVIDIA
2010-06-08 13:23 . 2010-06-08 13:23    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Unity
2010-06-07 23:00 . 2010-06-07 23:00    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-06-07 17:28 . 2010-06-07 17:28    --------    d-----w-    c:\programdata\WindowsSearch
2010-06-02 04:35 . 2010-06-02 04:35    40960    ----a-w-    c:\windows\system32\cmdshell.dll
2010-06-01 16:01 . 2010-06-01 16:01    --------    d-----w-    C:\My Documents
2010-05-30 19:35 . 2010-05-30 19:44    517348    ----a-w-    c:\windows\null.exe
2010-05-28 00:09 . 2010-05-28 00:09    41872    ----a-w-    c:\windows\system32\xfcodec.dll
2010-05-27 17:02 . 2010-05-27 17:02    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02    511488    ----a-w-    c:\windows\system32\aticfx32.dll
2010-05-27 16:59 . 2010-05-27 16:59    376832    ----a-w-    c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalrt.dll
2010-05-27 16:41 . 2010-05-27 16:41    53248    ----a-w-    c:\windows\system32\aticalcl.dll
2010-05-27 16:39 . 2010-05-27 16:39    4096000    ----a-w-    c:\windows\system32\aticaldd.dll
2010-05-27 16:35 . 2010-05-27 16:35    50176    ----a-w-    c:\windows\system32\coinst.dll
2010-05-27 16:25 . 2010-05-27 16:25    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    16896    ----a-w-    c:\windows\system32\atigktxx.dll
2010-05-27 16:25 . 2010-05-27 16:25    209920    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-05-27 16:24 . 2010-05-27 16:24    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-05-27 16:24 . 2010-05-27 16:24    22528    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-05-27 16:24 . 2010-05-27 16:24    23040    ----a-w-    c:\windows\system32\atitmpxx.dll
2010-05-27 16:20 . 2010-05-27 16:20    52736    ----a-w-    c:\windows\system32\atimpc32.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 18:17 . 2009-10-03 18:10    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\uTorrent
2010-06-24 16:52 . 2009-02-20 07:51    677454    ----a-w-    c:\windows\system32\perfh013.dat
2010-06-24 16:52 . 2009-02-20 07:51    131774    ----a-w-    c:\windows\system32\perfc013.dat
2010-06-24 16:52 . 2009-02-20 07:46    669032    ----a-w-    c:\windows\system32\perfh00C.dat
2010-06-24 16:52 . 2009-02-20 07:46    127838    ----a-w-    c:\windows\system32\perfc00C.dat
2010-06-24 16:26 . 2009-04-06 01:28    1076    ----a-w-    c:\windows\bthservsdp.dat
2010-06-24 15:01 . 2009-06-12 17:33    --------    d-----w-    c:\programdata\Xfire
2010-06-24 14:08 . 2009-06-12 16:03    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\FileZilla
2010-06-24 11:47 . 2009-07-13 23:30    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Vso
2010-06-24 01:37 . 2009-07-02 02:10    --------    d-----w-    c:\program files\VMware
2010-06-24 01:32 . 2009-06-19 17:28    --------    d-----w-    c:\programdata\VMware
2010-06-24 01:26 . 2009-02-19 23:56    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-06-23 21:52 . 2009-06-12 17:33    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Xfire
2010-06-21 16:25 . 2009-06-12 09:28    76224    ----a-w-    c:\users\PowerChaos\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 16:13 . 2009-11-24 01:29    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Apple Computer
2010-06-18 01:30 . 2010-02-12 16:15    164864    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2010-06-18 00:42 . 2010-04-16 15:53    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-06-17 20:13 . 2009-04-06 01:32    --------    d-----w-    c:\program files\ATI Technologies
2010-06-17 14:43 . 2009-07-02 04:18    --------    d-----w-    c:\program files\Atari
2010-06-17 05:30 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-06-17 03:04 . 2010-02-21 00:31    --------    d-----w-    c:\program files\AGEIA Technologies
2010-06-17 03:03 . 2009-10-04 17:23    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-06-17 02:27 . 2010-03-16 00:12    --------    d-----w-    c:\program files\Ubisoft
2010-06-16 04:56 . 2009-06-12 09:20    --------    d-----w-    c:\programdata\Microsoft Help
2010-06-14 23:59 . 2009-06-14 17:34    --------    d--h--w-    c:\users\PowerChaos\AppData\Roaming\ijjigame
2010-06-11 09:37 . 2009-10-19 15:04    72784    ----a-w-    c:\windows\system32\drivers\BdfNdisf6.sys
2010-06-10 21:12 . 2010-05-19 19:55    --------    d-----w-    c:\program files\NCH Software
2010-06-10 17:22 . 2010-05-19 19:56    --------    d-----w-    c:\program files\NCH Swift Sound
2010-06-10 17:17 . 2009-08-08 16:02    --------    d-----w-    c:\program files\Picture Resize Genius
2010-06-10 17:00 . 2010-03-15 22:09    --------    d-----w-    c:\program files\NTFS Undelete
2010-06-10 17:00 . 2009-06-20 16:45    --------    d-----w-    c:\program files\MediaRing
2010-06-10 16:45 . 2010-03-01 22:06    --------    d-----w-    c:\programdata\Alwil Software
2010-06-10 16:37 . 2009-06-12 17:33    --------    d-----w-    c:\program files\Xfire
2010-06-10 01:00 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Java
2010-06-10 00:58 . 2009-02-20 01:22    --------    d-----w-    c:\program files\Common Files\Java
2010-06-07 21:17 . 2009-06-29 23:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Microsoft Games
2010-06-07 21:17 . 2009-06-29 23:39    --------    d-----w-    c:\programdata\Microsoft Games
2010-05-26 16:16 . 2010-06-16 04:24    34304    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-16 04:24    289792    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-26 13:24 . 2010-04-27 16:39    18488    ----a-w-    c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-25 02:25 . 2009-06-12 15:43    --------    d-----w-    c:\program files\FlashGet
2010-05-23 02:45 . 2010-05-19 19:56    122880    ----a-w-    c:\programdata\NCH Swift Sound\VRS\mp3el.exe
2010-05-22 20:27 . 2010-03-21 00:06    139152    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-05-22 20:26 . 2010-03-21 00:06    111928    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-05-22 20:10 . 2010-03-21 00:06    22328    ----a-w-    c:\users\PowerChaos\AppData\Roaming\PnkBstrK.sys
2010-05-22 20:10 . 2010-03-21 00:06    22328    ----a-w-    c:\users\PowerChaos\AppData\Roaming\PnkBstrK.sys
2010-05-22 20:10 . 2010-03-21 00:06    66872    ----a-w-    c:\windows\system32\PnkBstrA.exe
2010-05-22 20:10 . 2010-05-22 20:10    674600    ----a-w-    c:\windows\system32\pbsvc.exe
2010-05-22 20:06 . 2009-07-02 14:15    --------    d-----w-    c:\program files\GameSpy Arcade
2010-05-22 19:37 . 2009-06-13 16:01    530    ----a-w-    c:\windows\eReg.dat
2010-05-19 20:30 . 2010-05-19 20:30    --------    d-----w-    c:\program files\Livestream Procaster
2010-05-19 19:59 . 2010-05-19 19:56    --------    d-----w-    c:\programdata\NCH Swift Sound
2010-05-19 19:55 . 2010-05-19 19:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\NCH Software
2010-05-19 15:03 . 2010-05-19 15:03    --------    d-----w-    c:\program files\Broadcaster
2010-05-19 14:55 . 2009-06-15 01:27    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Skype
2010-05-19 14:03 . 2009-06-15 01:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\skypePM
2010-05-17 15:50 . 2009-06-16 13:28    --------    d-----w-    c:\program files\TallStick
2010-05-17 15:09 . 2006-11-02 07:36    149560    ----a-w-    c:\windows\system32\drivers\adpu320.sys
2010-05-17 13:12 . 2010-05-17 03:55    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\AKM Antivirus 2010 Pro
2010-05-17 03:53 . 2009-07-14 22:44    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\DNA
2010-05-17 03:49 . 2010-05-17 03:49    --------    d-----w-    c:\program files\SWF Decompiler Magic
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\Common Files\SourceTec
2010-05-17 03:35 . 2010-05-17 03:35    --------    d-----w-    c:\program files\SourceTec
2010-05-17 03:07 . 2010-05-15 16:59    --------    d-----w-    c:\program files\CamStudio
2010-05-15 23:58 . 2010-02-12 14:41    --------    d-----w-    c:\program files\Domus
2010-05-15 17:32 . 2010-05-15 01:52    --------    d-----w-    c:\program files\AmazingMIDI
2010-05-15 17:32 . 2010-02-10 21:54    --------    d-----w-    c:\programdata\BVRP Software
2010-05-15 17:32 . 2010-05-15 17:32    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\InstallShield
2010-05-15 17:17 . 2010-05-15 01:57    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\dream-mp3-to-midi-converter
2010-05-15 17:16 . 2009-06-16 13:46    --------    d-----w-    c:\program files\VstPlugins
2010-05-15 17:16 . 2009-06-16 13:44    --------    d-----w-    c:\program files\Image-Line
2010-05-15 09:38 . 2010-05-15 09:38    11024    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-05-15 09:38 . 2010-02-12 16:15    15607    ----a-w-    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-15 01:47 . 2010-05-15 01:25    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\Synthesia
2010-05-13 18:19 . 2009-08-14 18:39    6836    ----a-w-    c:\users\PowerChaos\AppData\Local\d3d9caps.dat
2010-05-13 18:17 . 2009-07-14 22:44    --------    d-----w-    c:\program files\DNA
2010-05-12 16:49 . 2010-05-12 16:49    --------    d-----w-    c:\program files\Rockstar Games
2010-05-12 09:21 . 2010-03-05 14:43    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-12 01:43 . 2010-05-12 01:43    --------    d-----w-    c:\programdata\DivX
2010-05-07 00:20 . 2010-05-07 00:20    --------    d-----w-    c:\program files\ijji
2010-05-05 20:40 . 2009-10-08 21:04    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\.purple
2010-05-05 10:12 . 2009-10-03 18:13    --------    d-----w-    c:\program files\Ask.com
2010-05-05 09:08 . 2010-05-02 16:17    --------    d-----w-    c:\program files\Zynga
2010-05-05 09:01 . 2010-02-11 00:47    --------    d-----w-    c:\program files\AoA DVD Ripper
2010-05-05 08:59 . 2010-04-01 10:30    --------    d-----w-    c:\program files\ElcomSoft
2010-05-05 08:57 . 2010-02-20 14:01    --------    d-----w-    c:\program files\GameHi_USA
2010-05-04 20:54 . 2010-05-04 20:54    --------    d-----w-    c:\users\PowerChaos\AppData\Roaming\PeerNetworking
2010-05-04 20:27 . 2009-08-18 19:29    --------    d-----w-    c:\programdata\PMB Files
2010-05-04 12:36 . 2010-05-04 12:36    --------    d-----w-    c:\programdata\PopCap
2010-05-04 05:59 . 2010-06-10 15:06    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 15:06    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 15:06    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 15:06    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-16 04:22    2036224    ----a-w-    c:\windows\system32\win32k.sys
2010-04-29 15:37 . 2010-04-29 15:37    2137    ----a-w-    c:\windows\system32\atipblag.dat
2010-04-21 22:29 . 2009-10-08 20:21    59    ----a-w-    c:\windows\wpd99.drv
2010-04-16 16:10 . 2010-06-16 04:23    1314816    ----a-w-    c:\windows\system32\quartz.dll
2010-04-15 16:49 . 2010-03-09 17:23    1335048    ----a-w-    c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-08 14:48 . 2010-03-16 17:47    17160    ----a-w-    c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 15:52 . 2010-04-27 16:39    18184    ----a-w-    c:\windows\Help\OEM\scripts\HC_Launch.exe
2009-02-20 08:11 . 2009-02-20 07:53    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-02-22 10:05    2353176    ----a-w-    c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]
2010-04-15 10:33    2515552    ----a-w-    c:\program files\DemonPower_Gaming\tbDem0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DBB3A0A6-6A4C-4F70-A042-4CE9F1746A96}"= "c:\program files\DemonPower_Gaming\tbDem0.dll" [2010-04-15 2515552]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{dbb3a0a6-6a4c-4f70-a042-4ce9f1746a96}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-01-20 3883856]
"Google Update"="c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-20 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-20 289072]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
"Registry Repair Wizard Scheduler"="c:\program files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2008-11-24 1052928]
"Steam"="d:\windows.old.001\program files\steam\steam.exe" [2010-06-17 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2010-01-20 2007088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2010-01-20 144784]
"WindowsNull"="c:\windows\null.exe" [2010-05-30 517348]
"LiveZilla"="c:\program files\LiveZilla BETA\LiveZilla.exe" [2010-06-10 2776920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-17 0]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-5-28 3493264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0aswBoot.exe /M:120882429b92

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iReboot 1.1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\iReboot 1.1.0.lnk
backup=c:\windows\pss\iReboot 1.1.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaRing Talk.lnk
backup=c:\windows\pss\MediaRing Talk.lnkStartup

[HKLM\~\startupfolder\C:^Users^PowerChaos^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\users\PowerChaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-01-20 10:33    34672    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
2010-03-18 14:25    1123360    ----a-w-    c:\program files\BitDefender\BitDefender 2010\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
2009-10-19 15:05    71152    ----a-w-    c:\program files\BitDefender\BitDefender 2010\ieshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-20 10:33    323392    ----a-w-    c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-01-20 10:33    691656    ----a-w-    c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2010-01-20 10:33    2007088    ----a-w-    c:\progra~1\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-01-20 10:33    54576    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-20 10:33    141600    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2010-01-20 10:33    2793768    ----a-w-    c:\program files\LiveZilla\LiveZilla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27    26102056    ----a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2010-01-20 10:33    210216    ----a-w-    c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-20 10:34    289072    ----a-w-    c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2010-05-23 02:45    1024004    ----a-w-    c:\program files\NCH Swift Sound\VRS\vrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe

R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 StudioPro;StudioPro webcam;c:\windows\system32\DRIVERS\StudioPro.sys [2006-12-03 124416]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-20 222512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-06-30 91408]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R4 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]
R4 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2010-01-20 57344]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-06-11 72784]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 04:12];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 16:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 85128]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-01-20 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2010-01-20 365952]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2010-01-20 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2010-01-20 116096]
S2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2010-05-23 1024004]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2008-12-31 4172288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-03 153448]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
bdx    REG_MULTI_SZ       scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-20 10:33    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000Core.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1019093574-2568049517-3597755828-1000UA.job
- c:\users\PowerChaos\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 10:34]

2010-06-23 c:\windows\Tasks\HPCeeScheduleForPowerChaos.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-19 10:34]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{C1C22144-85F4-4E61-B522-E2B8CFE35474}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604775
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=91&bd=Pavilion&pf=cnnb
IE: &AOL-werkbalk Zoeken - c:\programdata\AOL\ieToolbar\resources\nl-BE\local\search.html
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-24 20:25
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"
--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MySql]
"ImagePath"="C:/wamp/mysql/bin/mysqld-max-nt.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2010-06-24  20:29:39
ComboFix-quarantined-files.txt  2010-06-24 18:29
ComboFix2.txt  2010-06-24 16:57
ComboFix3.txt  2010-06-24 14:52

Pre-Run: 5.179.469.824 bytes beschikbaar
Post-Run: 4.908.580.864 bytes beschikbaar

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4,5
- - End Of File - - A4BE7CC456A1F1E0F366EFAE239AA6B5


so far extra problems (wasn't home to watch it), the computer did not restart (as my Vista is still online)

Greetings From PowerChaos

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 24 June 2010 - 09:58 PM

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Java™ 6 Update 7

    and click on remove


Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 PowerChaos

PowerChaos
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:57 PM

Posted 25 June 2010 - 11:44 AM

hi,
I got a small question about the online scanner

I got a traffic limit of 100GB per month
so I do not like to use an online scanner to scan all my files (it is 250GB+ of files :S)

except if I got the wrong idea about the online scanner, doesn't an online scanner upload all your files to scan online?? so it uses a lot of traffic??

if it doesn't, then I'm going to do the online scanner; if it does, then I'd like to ask if there is another solution for that step??

Thank you
Greetings From PowerChaos

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:57 PM

Posted 25 June 2010 - 01:57 PM

no it doesn't upload your files - this downloads a portable antivirus to your computer and scans your computer


Gringo

#15 PowerChaos

PowerChaos
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:57 PM

Posted 26 June 2010 - 06:07 AM

hi,
here are the 2 logs

after 8 hours the scan still had not finished
and I put my computer in sleep mode :s (it was 7 am :s)

the scan was at 99% so I manually aborted the scan

here are the logfiles

CODE
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b785c3fb000bd1499519f33ecc7bc924
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-25 10:12:39
# local_time=2010-06-26 12:12:39 (+0100, Romance (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 710842 115034390 0 0
# compatibility_mode=8192 67108863 100 0 179 179 0 0
# scanned=35097
# found=1
# cleaned=1
# scan_time=2298
C:\alaplaya\AvalonHeroesEU\AvaClient.exe    probably a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
esets_scanner_update returned -1 esets_gle=53251
-------
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b785c3fb000bd1499519f33ecc7bc924
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-26 11:00:26
# local_time=2010-06-26 01:00:26 (+0100, Romance (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 713187 115036735 0 0
# compatibility_mode=8192 67108863 100 0 2524 2524 0 0
# scanned=317316
# found=12
# cleaned=0
# scan_time=46019
C:\download\DemonPower zero.exe    Win32/Parite.B virus    00000000000000000000000000000000    I
C:\Downloads\Fruity Loops Stu 8.0 RC3 XXL Producer Edition (Key Incl.) NO VIRUS\FLSTUD~1.EXE    probably a variant of Win32/Delf trojan    00000000000000000000000000000000    I
C:\GameCreate\gamecreate.exe    probably unknown NewHeur_PE virus    00000000000000000000000000000000    I
C:\Program Files\Image-Line\FL Studio 8\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll    probably a variant of Win32/Delf trojan    00000000000000000000000000000000    I
C:\Program Files\NVIDIA\TGntEx.OLE    a variant of Win32/Farfli.AK trojan    00000000000000000000000000000000    I
C:\Program Files\NVIDIA\ZGntEx.OLE    a variant of Win32/Farfli.AK trojan    00000000000000000000000000000000    I
C:\ProgramData\BitDefender\Desktop\Quarantine\temp\DemonPower.7z    Win32/Parite.B virus    00000000000000000000000000000000    I
C:\Qoobox\Quarantine\C\Windows\PRAGMAsiiteyxbvc\PRAGMAd.sys.vir    a variant of Win32/Rootkit.Kryptik.AZ trojan    00000000000000000000000000000000    I
C:\test\Easy Website.exe    Win32/Parite.B virus    00000000000000000000000000000000    I
C:\Users\All Users\BitDefender\Desktop\Quarantine\temp\DemonPower.7z    Win32/Parite.B virus    00000000000000000000000000000000    I
C:\Users\PowerChaos\Desktop\FoNeKat.Net.Tot.Sec.Key.rar    probably a variant of Win32/Agent trojan    00000000000000000000000000000000    I
C:\Users\PowerChaos\Documents\website\diskw\www\DemonPowereo.exe    Win32/Parite.B virus    00000000000000000000000000000000    I
I first forgot to uncheck the option to remove infected files; I unchecked it later and restarted the scan

here is the second log
CODE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversie: 4241

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

25/06/2010 23:15:45
mbam-log-2010-06-25 (23-15-45).txt

Scantype: Snelle scan
Objecten gescand: 132736
Verstreken tijd: 7 minuut/minuten, 34 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 4

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{110b50f0-4954-4300-b71d-d4de33922b3a} (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
C:\Spyware Cleaner 2009 V3.04 (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
C:\Users\PowerChaos\Documents\downloads\rnsetup.exe (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.
C:\Users\PowerChaos\downloads\WebfettiSetup2.3.67.1.ZKman000 (1).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\PowerChaos\downloads\WebfettiSetup2.3.67.1.ZKman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Spyware Cleaner 2009 V3.04\RnMenu.dll (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.


Thank you
Greetings From PowerChaos
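As an added example (not code from this thread, from ESET or from any of the tools mentioned), a small Python parser for the ESET Online Scanner log format posted above; it separates hits on live files from hits that are already sitting in ComboFix's Qoobox or BitDefender's quarantine folder, and cross-checks the header's found= count against the detection lines present. The quarantine directory markers and the sample log are constructed assumptions modelled on the second log in this post.

```python
"""Parse an ESET Online Scanner log and separate live hits from hits that are
already sitting in another tool's quarantine folder. The log is a header of
'# key=value' lines (some keys repeat) followed by one detection per line with
four tab-separated fields: path, verdict, hash, action flag."""
import re

# Quarantine directories of the other tools used in this thread; a hit inside
# one of these is already neutralised. The markers are an assumption made
# for this example, not something ESET reports.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",                # ComboFix
    "\\bitdefender\\desktop\\quarantine\\",  # BitDefender
)
# The scanner writes tabs; logs pasted into a forum often show runs of spaces.
FIELD_SEP = re.compile(r"\t| {4,}")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")


def parse_eset_log(text):
    """Return (header, detections); header maps key -> list of values."""
    header, detections = {}, []
    for line in (raw.rstrip() for raw in text.splitlines()):
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header.setdefault(key.strip(), []).append(value.strip())
            continue
        parts = FIELD_SEP.split(line)
        if len(parts) < 4 or not DRIVE_PATH.match(parts[0]):
            continue  # blank line or status chatter such as 'esets_scanner_update ...'
        detections.append({"path": parts[0], "verdict": parts[1],
                           "hash": parts[2], "flag": parts[3]})
    return header, detections


def is_in_quarantine(path):
    low = path.lower()
    return any(marker in low for marker in QUARANTINE_MARKERS)


def triage(detections):
    """Split into (live, quarantined). A hit is quarantined if its path is in
    a quarantine folder or ESET's own verdict text says it was quarantined."""
    live, quarantined = [], []
    for d in detections:
        if is_in_quarantine(d["path"]) or "quarantined" in d["verdict"].lower():
            quarantined.append(d)
        else:
            live.append(d)
    return live, quarantined


def summarize(text):
    """Parse, triage, and cross-check the header's found= count against the
    detection lines actually present (a truncated paste shows up as a mismatch)."""
    header, detections = parse_eset_log(text)
    live, quarantined = triage(detections)
    found = int(header.get("found", ["0"])[-1])
    return {
        "scanned": int(header.get("scanned", ["0"])[-1]),
        "found": found,
        "consistent": found == len(detections),
        "remove_checked": header.get("remove_checked", [""])[-1] == "true",
        "live": [d["path"] for d in live],
        "quarantined": [d["path"] for d in quarantined],
    }


# Constructed sample modelled on the second ESET log in this thread
# (tab-separated, the way the scanner writes it).
ZERO_HASH = "0" * 32
SAMPLE_LOG = "\n".join([
    "# remove_checked=false",
    "# compatibility_mode=5892 16776574 100 100 713187 115036735 0 0",
    "# compatibility_mode=8192 67108863 100 0 2524 2524 0 0",
    "# scanned=317316",
    "# found=4",
    "C:\\download\\DemonPower zero.exe\tWin32/Parite.B virus\t%s\tI" % ZERO_HASH,
    "C:\\ProgramData\\BitDefender\\Desktop\\Quarantine\\temp\\DemonPower.7z"
    "\tWin32/Parite.B virus\t%s\tI" % ZERO_HASH,
    "C:\\Qoobox\\Quarantine\\C\\Windows\\PRAGMAsiiteyxbvc\\PRAGMAd.sys.vir"
    "\ta variant of Win32/Rootkit.Kryptik.AZ trojan\t%s\tI" % ZERO_HASH,
    "C:\\test\\Easy Website.exe\tWin32/Parite.B virus\t%s\tI" % ZERO_HASH,
    "esets_scanner_update returned -1 esets_gle=53251",
])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("scanned %d, found %d, header consistent: %s" %
          (s["scanned"], s["found"], s["consistent"]))
    for label in ("live", "quarantined"):
        for path in s[label]:
            print(label.upper().ljust(11), path)
```

On the sample, two of the four hits are already in quarantine folders, so only the other two need attention; the same split applies to the real log above, where the Qoobox and BitDefender entries are leftovers of earlier cleaning.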



