
Viruses removed from computer but still having problems


This topic is locked
23 replies to this topic

#1 dsnuckel

dsnuckel

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:25 AM

Posted 04 January 2011 - 09:15 PM

Originally noticed a toolbar that I never installed on my computer so I deleted it right away and scanned for viruses. Used various programs and some of them found and removed viruses/malware.

Some of the viruses were the following.

Adware.Tracking Cookie, Trojan.Agent/Gen-Crypt, Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake], and Trojan.VXGame-Variant/D removed with SuperAntiSpyware Scanner.

I am still having problems and believe there are more viruses on my computer. Some of my antivirus/spyware software will not update. It says to check the firewall but that is not the problem and usually I can get them to work in safemode.

Here is a HiJackThis Log.
I appreciate the help and let me know if you need any other logs.
Thank you!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:52 PM, on 1/4/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxebmon.exe] "C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEBB7F73-E161-4F01-8CA9-4BAC6E551DFC}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxeb_device - - C:\Windows\system32\lxebcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

--
End of file - 7930 bytes
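The log above is in the HijackThis 2.x entry format (a section code such as R1, O2, O4 or O23, then " - ", then the entry body). As an added example, not part of this thread and not code from HijackThis or BleepingComputer, the script below parses such a log into records, counts entries per section and attaches first-look review flags of the kind a helper applies before asking follow-up questions: IE start/search URLs that are not Microsoft defaults, Winsock LSP files HijackThis itself labels unknown, Trusted Zone sites, and custom DNS servers. The sample log is constructed from line formats in the log above plus one constructed R0 entry using the placeholder host search.example.invalid; the flag rules are the editor's own heuristics and a flag only means "look at this", not that the entry is malicious.

```python
"""First-look triage for a HijackThis 2.x log (added example, not HJT code)."""
import re
from dataclasses import dataclass, field

# An entry line: section code (R0, R1, F1, O2 ... O24), " - ", entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
# Trailing "= http://..." value on R0/R1 lines (start page, search page).
URL_RE = re.compile(r"=\s*(?P<url>https?://\S+)\s*$")
# Hosts of the stock Internet Explorer start/search URLs (editor's list).
MICROSOFT_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# Constructed sample: real line formats from the thread's log plus one
# constructed R0 line pointing at a placeholder search host.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:52 PM, on 1/4/2011

Running processes:
C:\Windows\system32\taskhost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AEBB7F73-E161-4F01-8CA9-4BAC6E551DFC}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
--
End of file - 7930 bytes
"""


@dataclass
class Entry:
    kind: str                      # section code, e.g. "O4"
    body: str                      # text after "O4 - "
    flags: list = field(default_factory=list)  # review notes, empty if none


def _host(url):
    """Hostname of a URL, lower-cased (no scheme, no path)."""
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


def parse_hjt(text):
    """Return Entry records for every section line; header/process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def triage(entries):
    """Attach heuristic review flags and return only the flagged entries."""
    for e in entries:
        if e.kind in ("R0", "R1"):
            m = URL_RE.search(e.body)
            if m and _host(m["url"]) not in MICROSOFT_HOSTS:
                e.flags.append("IE start/search URL is not a Microsoft default")
        elif e.kind == "O10" and "Unknown file in Winsock LSP" in e.body:
            e.flags.append("Winsock LSP that HijackThis could not identify")
        elif e.kind == "O15" and "Trusted Zone" in e.body:
            e.flags.append("site in IE Trusted Zone; confirm the user added it")
        elif e.kind == "O17" and "NameServer" in e.body:
            e.flags.append("custom DNS servers; confirm they are expected")
    return [e for e in entries if e.flags]


def summarize(text):
    """Per-section entry counts plus the flagged entries for a log."""
    entries = parse_hjt(text)
    counts = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts, triage(entries)


if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    print("entries per section:", counts)
    for e in flagged:
        print(f"{e.kind}: {e.body}\n    -> {'; '.join(e.flags)}")
```

Run against a full log pasted into SAMPLE_LOG (or read from a file), the per-section counts give a quick sense of how many BHOs, autoruns and services there are, and the flagged list is the set of entries to ask the poster about first. The R1 ProxyOverride line carries no URL and is deliberately left unflagged.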


#2 dsnuckel

dsnuckel
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:25 AM

Posted 08 January 2011 - 02:34 PM

Viruses galore. Help please

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 09 January 2011 - 12:09 AM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:25 AM

Posted 10 January 2011 - 07:15 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the button that starts the scan.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#4 dsnuckel

dsnuckel
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:04:25 AM

Posted 10 January 2011 - 11:49 AM

Thanks for the response and the help!
The problems first started when I noticed a random toolbar in Firefox. It was called FaceMoods and I have no idea how it was downloaded. After seeing it, I knew I had Malware, a Virus, etc. so I scanned my computer. I performed several scans with Malwarebytes, Spybot Search and Destroy, Ad Aware, Dr. Web CureIt, SuperAntiSpyware, and a-squared. Each one I did found and removed some different malware and trojans. Now the only problem that I seem to be having is that I cannot update any of my protection software such as the ones mentioned above. I don't know if it is still a virus of some type on my computer or maybe just some settings that were changed from the viruses I removed.

Here are the two logs from OTL:

OTL logfile created on: 1/10/2011 10:38:49 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\David\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 7.73 Gb Free Space | 6.92% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 10:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2010/12/11 12:01:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 03:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/03 03:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxebcoms.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/01/11 12:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/10/06 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/10/06 15:53:54 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/07/13 19:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/03/18 18:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe


========== Modules (SafeList) ==========

MOD - [2011/01/10 10:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2010/11/23 22:54:08 | 000,212,456 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/17 08:32:52 | 002,850,296 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/12/03 03:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 13:02:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/01 15:43:12 | 000,117,640 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 12:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/12/02 23:06:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/06 15:53:54 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/12/16 03:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101228.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 03:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101228.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/03 03:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 03:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/08 18:50:30 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/06/06 02:01:12 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/06 02:01:12 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/04 20:26:31 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/04 20:26:30 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/03/10 08:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/03/01 15:43:37 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/01 15:43:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/01 15:43:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/01 15:43:17 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/01 15:43:17 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/01 15:43:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/01 15:43:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/01 15:43:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/01 15:43:15 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/01 15:43:15 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/20 23:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/20 23:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/20 23:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/12/11 01:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/30 16:55:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 19:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2009/10/07 07:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 07:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/28 08:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/08/27 17:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/08/09 15:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/20 13:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/21 20:11:52 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/04/21 20:11:52 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/04/21 20:11:52 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/05 13:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 05:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 05:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/16 13:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2005/12/01 16:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 16:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 16:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:3.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.2.20101112061242
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://urlseek.vmn.net/search.php?type=dns&tbn=vidtomp3dn&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/15 01:19:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 19:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 12:01:20 | 000,000,000 | ---D | M]

[2010/03/01 14:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2011/01/10 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions
[2010/04/29 08:52:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/28 22:36:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/01 14:28:51 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a99}
[2010/10/02 15:52:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/15 10:21:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/01 14:28:51 | 000,000,000 | ---D | M] (Glasser) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\extensions\glasser@sixxgate.com
[2009/11/30 16:56:48 | 000,002,055 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1pq949mm.default\searchplugins\daemon-search.xml
[2011/01/10 10:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 21:45:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/22 11:52:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/05 11:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/21 14:59:30 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010/04/15 01:19:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/12/13 06:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml

O1 HOSTS File: ([2011/01/04 23:07:33 | 000,428,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14749 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-4125948152-3067564095-1165897204-1000\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\PROGRA~1\AVG\AVG10\avgrsx.exe File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Audiogalaxy - hkey= - key= - C:\Users\David\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ContentTransferWMDetector.exe - hkey= - key= - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {207FACB9-B9A4-37D1-76DA-69EC653D2908} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 10:25:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/01/06 07:05:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/06 07:03:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/06 06:48:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/06 06:48:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/06 06:48:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/06 06:47:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/06 06:47:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/05 22:06:24 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011/01/05 22:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/01/05 06:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/01/05 06:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/01/05 06:11:41 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Anti-Malware
[2011/01/04 23:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/04 23:13:20 | 086,402,920 | ---- | C] (Emsi Software GmbH ) -- C:\Users\David\Desktop\a2FreeSetup.exe
[2011/01/04 23:11:59 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Users\David\Desktop\avg_free_stb_all_2011_1191_cnet(3).exe
[2011/01/03 22:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2011/01/03 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/03 18:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/03 18:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/03 18:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/03 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/03 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/03 16:59:26 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2011/01/03 16:58:55 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEBwupd.dll
[2011/01/03 16:58:55 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEBwupd.exe
[2011/01/03 16:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2011/01/03 16:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/01/03 16:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2011/01/03 16:57:58 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2011/01/03 16:56:42 | 000,000,000 | ---D | C] -- C:\Lexmark
[2011/01/03 16:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2011/01/03 16:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series
[2011/01/03 16:54:07 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxebhcp.dll
[2011/01/03 16:54:07 | 000,086,183 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxebcfg.dll
[2011/01/03 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/03 09:49:26 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/01/03 08:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/01/02 15:27:53 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/02 10:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\mediainfoplus
[2010/12/30 08:45:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/29 07:30:48 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/12/29 07:30:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/12/29 07:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2010/12/29 07:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/12/29 07:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/12/29 07:06:21 | 000,000,000 | ---D | C] -- C:\Users\David\DoctorWeb
[2010/12/28 19:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/28 19:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/26 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2010/12/26 11:02:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FlashGet
[2010/12/26 11:02:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\BITS
[2010/12/26 11:01:01 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FlashGetBHO
[2010/12/26 11:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2010/12/26 08:09:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\WTablet
[2010/12/26 08:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/12/26 08:08:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2010/12/26 08:08:38 | 007,892,776 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010/12/26 08:08:28 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/12/26 08:08:09 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/12/26 08:08:05 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys
[2010/12/26 08:08:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/12/26 08:08:00 | 000,411,432 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010/12/26 08:08:00 | 000,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010/12/26 08:07:57 | 004,463,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010/12/26 08:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/12/21 20:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/12/14 18:41:00 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 18:40:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/14 18:40:39 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/14 18:40:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/14 18:40:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/14 18:40:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/14 18:40:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/14 18:40:37 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/14 18:40:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/14 18:40:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/14 18:40:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/14 18:40:36 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/14 18:40:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/14 18:40:23 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/14 18:40:23 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/14 18:40:23 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/14 18:40:23 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/12/14 18:40:18 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/14 18:40:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/14 18:40:16 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010/12/14 18:40:15 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/14 18:27:54 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\SD Backup
[2010/12/14 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Internal Phone Backup
[2010/12/11 15:15:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WBFSManager
[2010/12/11 15:13:00 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\WBFS Manager Covers
[2010/12/11 15:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2009/12/09 13:47:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2009/12/09 13:43:13 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2009/12/09 13:41:21 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2009/12/09 13:40:11 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2009/12/09 13:36:31 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2009/12/09 13:35:48 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2009/12/09 13:35:43 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2009/12/09 13:35:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[1 C:\Users\David\Documents\*.tmp files -> C:\Users\David\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 10:25:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 10:25:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2011/01/10 10:20:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 10:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/06 18:13:29 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/06 18:13:28 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/06 18:11:22 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/01/06 18:04:35 | 1609,383,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/06 06:46:09 | 004,149,871 | R--- | M] () -- C:\Users\David\Desktop\C-F.exe
[2011/01/04 23:17:11 | 086,402,920 | ---- | M] (Emsi Software GmbH ) -- C:\Users\David\Desktop\a2FreeSetup.exe
[2011/01/04 23:12:14 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Users\David\Desktop\avg_free_stb_all_2011_1191_cnet(3).exe
[2011/01/04 23:07:33 | 000,428,463 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/04 23:06:26 | 000,428,463 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110104-230733.backup
[2011/01/03 22:16:42 | 000,000,378 | ---- | M] () -- C:\Windows\System32\Wacom_Tablet.dat
[2011/01/03 18:29:45 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/03 18:25:36 | 000,637,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/03 18:25:36 | 000,112,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/03 17:35:14 | 000,002,963 | ---- | M] () -- C:\Users\David\Desktop\HiJackThis.lnk
[2011/01/03 17:01:16 | 000,210,099 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/01/03 09:54:13 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/03 09:14:04 | 000,428,463 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110104-230626.backup
[2011/01/03 08:16:13 | 000,780,283 | ---- | M] () -- C:\Users\David\Desktop\rkill.exe
[2011/01/02 15:27:53 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/12/29 07:30:01 | 000,001,124 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/29 07:30:01 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/28 19:57:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/12/26 11:48:40 | 000,000,292 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2010/12/26 11:08:34 | 000,000,025 | ---- | M] () -- C:\Windows\libem.INI
[2010/12/26 09:48:54 | 000,428,403 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110103-091404.backup
[2010/12/21 10:07:44 | 053,594,584 | ---- | M] () -- C:\Users\David\Desktop\aex7z6gz.exe
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/16 06:45:49 | 003,784,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/13 16:14:47 | 405,012,479 | ---- | M] () -- C:\Users\David\Desktop\Super Mario All-Stars.iso
[2010/12/12 12:56:26 | 405,012,479 | ---- | M] () -- C:\Users\David\Desktop\James Bond_ Golden Eye.iso
[2010/12/12 12:52:29 | 405,012,479 | ---- | M] () -- C:\Users\David\Desktop\New SUPER MARIO BROS. Wii.iso
[2010/12/11 16:02:34 | 000,001,608 | ---- | M] () -- C:\Users\David\Desktop\WBFSManager.exe - Shortcut.lnk
[1 C:\Users\David\Documents\*.tmp files -> C:\Users\David\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 06:48:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/06 06:48:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/06 06:48:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/06 06:48:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/06 06:48:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/06 06:45:44 | 004,149,871 | R--- | C] () -- C:\Users\David\Desktop\C-F.exe
[2011/01/04 20:03:15 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/01/03 22:16:48 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2011/01/03 22:16:38 | 000,000,378 | ---- | C] () -- C:\Windows\System32\Wacom_Tablet.dat
[2011/01/03 18:29:45 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/03 17:35:14 | 000,002,963 | ---- | C] () -- C:\Users\David\Desktop\HiJackThis.lnk
[2011/01/03 16:59:18 | 000,029,536 | ---- | C] () -- C:\ProgramData\lxebscan.log
[2011/01/03 16:58:03 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2011/01/03 16:57:50 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2011/01/03 16:56:11 | 000,001,130 | ---- | C] () -- C:\ProgramData\lxebJSW.log
[2011/01/03 16:55:40 | 000,210,099 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011/01/03 16:54:25 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lxebsmr.dll
[2011/01/03 16:54:21 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxebcommuilogo_rtl.bmp
[2011/01/03 16:54:21 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxebcommuilogo.bmp
[2011/01/03 16:54:20 | 000,065,106 | ---- | C] () -- C:\Windows\System32\lxebprpr.chm
[2011/01/03 16:54:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxebsm.dll
[2011/01/03 16:53:58 | 000,002,110 | ---- | C] () -- C:\Windows\System32\lxeb.loc
[2011/01/03 09:42:38 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/03 08:16:11 | 000,780,283 | ---- | C] () -- C:\Users\David\Desktop\rkill.exe
[2011/01/02 18:55:55 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/12/29 07:30:01 | 000,001,124 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/12/29 07:30:01 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/12/29 07:05:20 | 053,594,584 | ---- | C] () -- C:\Users\David\Desktop\aex7z6gz.exe
[2010/12/26 11:43:13 | 405,012,479 | ---- | C] () -- C:\Users\David\Desktop\Wii Sports.iso
[2010/12/26 11:15:34 | 000,000,292 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2010/12/26 11:08:34 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/12/26 10:58:58 | 405,012,479 | ---- | C] () -- C:\Users\David\Desktop\Super Mario All-Stars.iso
[2010/12/26 08:08:43 | 001,653,980 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010/12/26 08:07:50 | 000,000,112 | ---- | C] () -- C:\Windows\System32\WacomTabletUserDefaults.xml
[2010/12/21 20:54:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 20:54:02 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/12 12:53:01 | 405,012,479 | ---- | C] () -- C:\Users\David\Desktop\James Bond_ Golden Eye.iso
[2010/12/12 12:47:58 | 405,012,479 | ---- | C] () -- C:\Users\David\Desktop\New SUPER MARIO BROS. Wii.iso
[2010/12/11 16:30:42 | 405,012,479 | ---- | C] () -- C:\Users\David\Desktop\Donkey Kong Country Returns.iso
[2010/12/11 16:02:34 | 000,001,608 | ---- | C] () -- C:\Users\David\Desktop\WBFSManager.exe - Shortcut.lnk
[2010/08/02 17:25:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/08 22:34:44 | 000,000,174 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/09 02:06:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2009/11/09 02:06:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2009/11/09 02:06:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2009/11/09 02:06:24 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2009/11/09 02:06:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2009/11/09 02:06:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2009/11/09 02:06:05 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2009/11/09 02:05:53 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2009/11/09 01:59:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2009/11/02 19:54:46 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/10/21 04:06:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2009/10/21 04:06:18 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2009/10/07 07:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/30 15:11:42 | 006,257,664 | ---- | C] () -- C:\Windows\System32\tlisimplify20.dll
[2009/09/30 15:09:14 | 012,914,688 | ---- | C] () -- C:\Windows\System32\tlidenoise30.dll
[2009/09/30 15:07:42 | 008,467,456 | ---- | C] () -- C:\Windows\System32\tlidejpeg30.dll
[2009/09/30 13:20:52 | 006,025,216 | ---- | C] () -- C:\Windows\System32\tliclean21.dll
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/07 05:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009/05/26 17:51:45 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/11 13:32:28 | 006,772,736 | ---- | C] () -- C:\Windows\System32\tliadjust30.dll
[2009/02/14 14:33:58 | 000,027,335 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2009/02/14 14:33:50 | 000,027,335 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/03/04 20:55:35 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 1/10/2011 10:26:20 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\David\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 7.67 Gb Free Space | 6.86% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4125948152-3067564095-1165897204-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390B7821-3CDE-4579-B940-B0A06B86136A}" = Topaz Denoise 3
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D4B5330-CEA9-4D58-8355-74729AE527CD}" = Topaz Clean 2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A1FB07C6-0A63-4384-B1AC-B62546F2E6D8}" = iPodRip
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A88239C1-1BFB-404C-8CAD-21939011A7C4}" = Topaz DeJpeg 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBE5EAEC-2319-41BD-B82D-A8B3AB64E1AB}" = Topaz Simplify 2
"{BCFFAF65-50B7-4419-AFCA-A7BA797E2C3D}" = Topaz ReMask 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0242583-22AF-4E41-9B87-9C9110F8A190}" = Topaz Detail 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"aTube Catcher" = aTube Catcher
"Canon iP100 series User Registration" = Canon iP100 series User Registration
"Canon Setup Utility 2.4" = Canon Setup Utility 2.4
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Dock" = Dell Dock
"doPDF 7 printer_is1" = doPDF 7.1 printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HandBrake" = HandBrake 0.9.3
"HTC_WModemDriver" = WModem Driver Installer
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.2
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WM Capture" = WM Capture
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4125948152-3067564095-1165897204-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Audiogalaxy" = Audiogalaxy
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2011 4:12:32 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\windows
live\messenger\device manager\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 4:13:45 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "c:\program files\Adobe\adobe
media encoder cs5\PhotoshopServer.exe".Error in manifest or policy file "c:\program
files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" on line 2. Multiple requestedPrivileges
elements are not allowed in manifest.

Error - 1/6/2011 4:13:59 AM | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 1/6/2011 8:49:07 AM | Computer Name = David-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary DrWeb Protection. System Error: The system cannot find the file specified.
.

Error - 1/6/2011 9:01:26 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: REGT.cfxxe, version: 6.1.7600.16385, time
stamp: 0x4a5bc072 Faulting module name: a2hooks32.dll, version: 5.0.0.85, time stamp:
0x4cec3784 Exception code: 0xc0000005 Fault offset: 0x00002a47 Faulting process id:
0x3d0 Faulting application start time: 0x01cbada1d33fea13 Faulting application path:
C:\C-F\REGT.cfxxe Faulting module path: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
Report
Id: 11bdee0b-1995-11e0-a948-0015c51edd08

Error - 1/6/2011 9:01:39 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: REGT.cfxxe, version: 6.1.7600.16385, time
stamp: 0x4a5bc072 Faulting module name: a2hooks32.dll, version: 5.0.0.85, time stamp:
0x4cec3784 Exception code: 0xc0000005 Fault offset: 0x00002a47 Faulting process id:
0x1408 Faulting application start time: 0x01cbada1da8ee3aa Faulting application path:
C:\C-F\REGT.cfxxe Faulting module path: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
Report
Id: 18e4703e-1995-11e0-a948-0015c51edd08

Error - 1/6/2011 9:05:24 AM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: regedit.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc072 Faulting module name: a2hooks32.dll, version: 5.0.0.85, time stamp:
0x4cec3784 Exception code: 0xc0000005 Fault offset: 0x00002a47 Faulting process id:
0x9cc Faulting application start time: 0x01cbada260790dd4 Faulting application path:
C:\Windows\regedit.exe Faulting module path: C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
Report
Id: 9f290eb2-1995-11e0-a948-0015c51edd08

Error - 1/6/2011 8:05:49 PM | Computer Name = David-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/6/2011 8:10:56 PM | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 388 Start
Time: 01cbadfe83d3a0d1 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: 83761c1d-19f2-11e0-99b1-001641909fa1

Error - 1/10/2011 12:20:42 PM | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: a2service.exe, version: 5.1.0.5, time stamp:
0x4d0b0340 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x00028c92 Faulting process id:
0x7d4 Faulting application start time: 0x01cbadfe855a027e Faulting application path:
C:\Program Files\Emsisoft Anti-Malware\a2service.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 9198ea77-1cd5-11e0-99b1-001641909fa1

[ System Events ]
Error - 1/6/2011 8:14:55 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 1/6/2011 8:14:55 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 1/6/2011 8:14:59 PM | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.3310.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/10/2011 12:20:42 PM | Computer Name = David-PC | Source = PNRPSvc | ID = 102
Description =

Error - 1/10/2011 12:20:42 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 1/10/2011 12:20:42 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 1/10/2011 12:20:44 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7034
Description = The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/10/2011 12:21:49 PM | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.3310.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/10/2011 12:21:49 PM | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.3310.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 1/10/2011 12:21:49 PM | Computer Name = David-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.95.3310.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >


Thanks a lot!

#5 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:11:25 AM

Posted 10 January 2011 - 02:51 PM

Hi,

Can you please run a scan with Rootkit Unhooker next:

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Please also upload the following file to MRC:
Please go to C:\Program Files\Mozilla Firefox\searchplugins and locate the file fcmdSrchddr.xml, where date and time are the date and time when you ran ComboFix. Afterwards, please visit this site and follow the instructions for uploading the file.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 dsnuckel

  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:25 AM

Posted 10 January 2011 - 03:36 PM

Ok, I downloaded and unzipped to desktop, but when I run it, it goes to a blue screen every time. The blue screen says "NORMANDY.SYS" and "PAGE_FAULT_IN_NONPAGED_AREA."
I am running Windows 7 Ultimate 32 bit and the OS version is 6.1.7600.2.0.0.256.1

I went ahead and uploaded the file you asked me to upload to the MRC.

#7 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:11:25 AM

Posted 10 January 2011 - 04:08 PM

Hi,

That file seems to be related to FaceMoods. Could you please delete it and let me know if that helps?

Then please try to run GMER instead of Rootkit Unhooker:
Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

regards myrti



#8 dsnuckel

  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:25 AM

Posted 10 January 2011 - 04:25 PM

You provided the install instructions for RKUninstaller instead of GMER.
I found a download link to GMER and downloaded it but what should I have checked/ticked when I run the GMER scan?

thanks

#9 dsnuckel

  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:25 AM

Posted 10 January 2011 - 04:51 PM

I just went ahead and ran GMER with everything checked. Here is the log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-10 15:50:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2120BH rev.0085000B
Running: zzcdtyhh.exe; Driver: C:\Users\David\AppData\Local\Temp\pglcapod.sys


---- System - GMER 1.0.15 ----

SSDT 85FEC558 ZwAlertResumeThread
SSDT 85FEC638 ZwAlertThread
SSDT 85FEB480 ZwAllocateVirtualMemory
SSDT 85F53ED8 ZwAlpcConnectPort
SSDT 85FE74E8 ZwAssignProcessToJobObject
SSDT 85FE7A90 ZwCreateMutant
SSDT 85FEBC20 ZwCreateSymbolicLinkObject
SSDT 86010B70 ZwCreateThread
SSDT 85FEBD10 ZwCreateThreadEx
SSDT 85FE75C8 ZwDebugActiveProcess
SSDT 85FEB650 ZwDuplicateObject
SSDT 85FEB2A0 ZwFreeVirtualMemory
SSDT 85FEC398 ZwImpersonateAnonymousToken
SSDT 85FEC478 ZwImpersonateThread
SSDT 85F68288 ZwLoadDriver
SSDT 85FEB1A0 ZwMapViewOfSection
SSDT 85FE79B0 ZwOpenEvent
SSDT 85FE8670 ZwOpenProcess
SSDT 85FEB570 ZwOpenProcessToken
SSDT 85FE77F0 ZwOpenSection
SSDT 85FE8580 ZwOpenThread
SSDT 85FEBE10 ZwProtectVirtualMemory
SSDT 85FFD788 ZwResumeThread
SSDT 85FEC8D8 ZwSetContextThread
SSDT 85FEC9B8 ZwSetInformationProcess
SSDT 85FE76A8 ZwSetSystemInformation
SSDT 85FE78D0 ZwSuspendProcess
SSDT 85FEC718 ZwSuspendThread
SSDT 85FE87A8 ZwTerminateProcess
SSDT 85FEC7F8 ZwTerminateThread
SSDT 85FEB0C0 ZwUnmapViewOfSection
SSDT 85FEB390 ZwWriteVirtualMemory

Code \SystemRoot\System32\Drivers\Normandy.SYS ExAllocatePool
Code \SystemRoot\System32\Drivers\Normandy.SYS ExAllocatePoolWithTag
Code \SystemRoot\System32\Drivers\Normandy.SYS KeDelayExecutionThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ExAllocatePool 82E29600 5 Bytes JMP A754F525 \SystemRoot\System32\Drivers\Normandy.SYS
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E5C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E80F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeDelayExecutionThread 82E85E57 5 Bytes JMP A754F584 \SystemRoot\System32\Drivers\Normandy.SYS
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82E88734 8 Bytes [58, C5, FE, 85, 38, C6, FE, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E8874C 4 Bytes [80, B4, FE, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82E88758 4 Bytes [D8, 3E, F5, 85]
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82E887AC 4 Bytes CALL A36E8625
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82E88828 4 Bytes [90, 7A, FE, 85]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90418340, 0x3EE217, 0xE8000020]
? System32\Drivers\Normandy.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\SYSTEM32\WISPTIS.EXE[480] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[608] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[744] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[744] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[744] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\Explorer.EXE[1448] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\Explorer.EXE[1448] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\Explorer.EXE[1448] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1448] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\Explorer.EXE[1448] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\Explorer.EXE[1448] ws2_32.dll!connect 769948BE 6 Bytes JMP 71820F5A
.text C:\Windows\Explorer.EXE[1448] ws2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 71790F5A
.text C:\Windows\Explorer.EXE[1448] ws2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 71760F5A
.text C:\Windows\Explorer.EXE[1448] ws2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 717C0F5A
.text C:\Windows\Explorer.EXE[1448] ws2_32.dll!listen 7699A6EA 6 Bytes JMP 717F0F5A
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] kernel32.dll!LoadLibraryExW 7668B6BF 5 Bytes JMP 0044649C C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] kernel32.dll!CreateRemoteThread 766CF4DB 5 Bytes JMP 004464E0 C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A2001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719C001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!PostMessageW 76836225 6 Bytes JMP 7199001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 719F001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AB001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A8001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 7193001E
.text C:\Users\David\Desktop\ROOOOtKIITTTUnnnnninstallllller\l2btk.exe[1480] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 7196001E
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [81, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [87, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [84, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [8A, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 719D0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71970F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71940F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 719A0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!mouse_event 76848146 6 Bytes JMP 71A60F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!SendInput + 4 76857059 2 Bytes [9F, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A30F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71910F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] WS2_32.dll!connect 769948BE 6 Bytes JMP 71730F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] WS2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 71790F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] WS2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 71760F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] WS2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 717C0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe[1904] WS2_32.dll!listen 7699A6EA 6 Bytes JMP 71700F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2184] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [81, 71]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71940F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 718E0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!PostMessageW 76836225 6 Bytes JMP 718B0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71910F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!mouse_event 76848146 6 Bytes JMP 719D0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!SendInput + 4 76857059 2 Bytes [96, 71]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 719A0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71850F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71880F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] WS2_32.dll!connect 769948BE 6 Bytes JMP 71AC0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] WS2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 71A30F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] WS2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 71A00F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] WS2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 71A60F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2456] WS2_32.dll!listen 7699A6EA 6 Bytes JMP 71A90F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [81, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [87, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [84, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [8A, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 719D0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71970F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71940F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 719A0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!mouse_event 76848146 6 Bytes JMP 71A60F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!SendInput + 4 76857059 2 Bytes [9F, 71]
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A30F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe[2492] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71910F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [6F, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ntdll.dll!LdrLoadDll 76FAF625 5 Bytes JMP 013513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 717F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71820F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!connect 769948BE 6 Bytes JMP 064D2850 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 719D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSASend 769968A7 5 Bytes JMP 064D3CD0 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!listen 7699A6EA 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSAConnect 7699BB9B 5 Bytes JMP 064D2A50 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] WS2_32.dll!WSARecv 7699C29F 5 Bytes JMP 064D41B0 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 718E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71880F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71850F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 718B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!mouse_event 76848146 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!SendInput + 4 76857059 2 Bytes [90, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2600] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71940F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [6F, 71]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 717F0F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71820F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 718E0F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71880F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71850F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 718B0F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!mouse_event 76848146 6 Bytes JMP 71970F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!SendInput + 4 76857059 2 Bytes [90, 71]
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71940F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] WS2_32.dll!connect 769948BE 6 Bytes JMP 71A60F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] WS2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 719D0F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] WS2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 719A0F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] WS2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe[2764] WS2_32.dll!listen 7699A6EA 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[2768] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\system32\WTablet\Wacom_TabletUser.exe[2872] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [81, 71]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [87, 71]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [84, 71]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!mouse_event 76848146 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!SendInput + 4 76857059 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[3572] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[3572] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[3572] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71910F5A
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [81, 71]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [87, 71]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [84, 71]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!mouse_event 76848146 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!SendInput + 4 76857059 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[3592] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[3592] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[3592] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71910F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3892] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Users\David\Desktop\zzcdtyhh.exe[5672] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Windows\explorer.exe[5768] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Windows\explorer.exe[5768] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Windows\explorer.exe[5768] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Windows\explorer.exe[5768] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!connect 769948BE 6 Bytes JMP 717C0F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 71820F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 717F0F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 71760F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!listen 7699A6EA 6 Bytes JMP 71790F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [87, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [8D, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [84, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [90, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 719D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!PostMessageW 76836225 6 Bytes JMP 719A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 71A00F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!mouse_event 76848146 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!SendInput + 4 76857059 2 Bytes [A5, 71]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71A90F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 71940F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[5856] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtCreateFile 76F94A30 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtCreateFile + 4 76F94A34 2 Bytes [72, 71] {JB 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtDeleteValueKey 76F94CB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtDeleteValueKey + 4 76F94CB4 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [6F, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtSetValueKey 76F95C70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtSetValueKey + 4 76F95C74 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ADVAPI32.dll!CreateServiceW 7657DBC1 6 Bytes JMP 717F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ADVAPI32.dll!CreateServiceA 76592120 6 Bytes JMP 71820F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] WS2_32.dll!connect 769948BE 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] WS2_32.dll!WSALookupServiceNextW 76994C59 6 Bytes JMP 719D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] WS2_32.dll!WSALookupServiceEnd 76995198 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] WS2_32.dll!WSALookupServiceBeginW 7699561A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] WS2_32.dll!listen 7699A6EA 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 718E0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!PostMessageA 7682D656 6 Bytes JMP 71880F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!PostMessageW 76836225 6 Bytes JMP 71850F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!SendMessageW 7683764C 6 Bytes JMP 718B0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!mouse_event 76848146 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!TrackPopupMenu 76854B3B 5 Bytes JMP 6A532342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!SendInput 76857055 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!SendInput + 4 76857059 2 Bytes [90, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!keybd_event 7687EC9B 6 Bytes JMP 71940F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1448] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3572] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3572] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3572] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3572] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3592] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3592] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3592] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3592] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FF5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73C72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73C55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73C556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73C7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73C68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73C64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73C650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73C651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73C682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73C68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73C6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73C6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5768] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73C64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\0000008f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\0000008d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641909fa1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001641909fa1@001fe39e219e 0xE9 0x4F 0xAC 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641909fa1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001641909fa1@001fe39e219e 0xE9 0x4F 0xAC 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----
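
A helper for reading the hook section of the GMER log above, added here as an example; it is not part of dsnuckel's post and is not GMER's own code. GMER prints two hook shapes in this log: a direct `6 Bytes JMP 71A30F5A`, and a split pair such as `3 Bytes [FF, 25, 1E]` followed by `+ 4 2 Bytes [8A, 71]`, which together are `FF 25 disp32`, i.e. `JMP DWORD PTR [disp32]` through a pointer slot. Because GMER lists only the bytes that changed, the untouched byte at +3 cannot be read back from the log, so the script reports it as `??` rather than guessing. The script merges the fragments, decodes both shapes, and counts targets by 16 MB address band, which is enough to show that every hook target in this log except the one GMER attributes to xul.dll falls in the 0x71xxxxxx region. Which module owns that region on this machine is not stated by the hook lines; it has to be resolved against the process's loaded-module list (Process Explorer, or GMER's module view) before deciding whether those hooks belong to an installed security product or to something else. The `Hook` record layout and function names are my own; the sample lines are copied from the log above.

```python
"""Decode where the GMER '.text' hooks above point.
Shapes: "6 Bytes JMP 71A30F5A" (direct JMP) and the pair "3 Bytes [FF, 25, 1E]" /
"+ 4 2 Bytes [8A, 71]" = FF 25 disp32 = JMP DWORD PTR [disp32]; GMER prints only
changed bytes, so the untouched byte at +3 is unknown from the log ('??')."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^\s!]+)!(?P<func>[^\s+]+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+\d+\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<owner>.*))?|\[(?P<bytes>[0-9A-F, ]+)\])",
    re.IGNORECASE)

@dataclass
class Hook:
    pid: int
    proc: str
    func: str                     # e.g. "ntdll.dll!NtOpenProcess"
    addr: int                     # address of the patched export
    kind: str                     # "jmp_direct" | "jmp_indirect" | "patch"
    target: Optional[int]         # handler (direct) or pointer slot (indirect)
    known_mask: int = 0xFFFFFFFF  # bits of `target` the log actually proves
    owner: str = ""               # module GMER attributed the target to, if any

def _decode_fragments(pid, proc, func, base, parts) -> Hook:
    """Rebuild the first 6 patched bytes (None = byte GMER did not print)."""
    img = [None] * 6
    for off, bs in parts.items():
        for i, b in enumerate(bs):
            if off + i < 6:
                img[off + i] = b
    if img[0] == 0xFF and img[1] == 0x25:     # disp32 is little-endian at +2..+5
        value = mask = 0
        for i, b in enumerate(img[2:6]):
            if b is not None:
                value |= b << (8 * i)
                mask |= 0xFF << (8 * i)
        return Hook(pid, proc, func, base, "jmp_indirect", value, mask)
    return Hook(pid, proc, func, base, "patch", None, 0)

def parse_hooks(text: str) -> list:
    """Parse '.text' lines; merge a function's '+ 4' fragment into one Hook."""
    frags, meta, hooks = defaultdict(dict), {}, []  # frags: (pid, func) -> {off: bytes}
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["pid"]), f"{m['mod']}!{m['func']}")
        addr, off = int(m["addr"], 16), int(m["off"] or 0)
        if m["target"]:
            hooks.append(Hook(key[0], m["proc"], key[1], addr, "jmp_direct",
                              int(m["target"], 16), owner=(m["owner"] or "").strip()))
            continue
        frags[key][off] = [int(b, 16) for b in m["bytes"].split(",")]
        meta.setdefault(key, (m["proc"], addr - off))
    for key, parts in frags.items():
        hooks.append(_decode_fragments(key[0], meta[key][0], key[1], meta[key][1], parts))
    return hooks

def fmt_target(h: Hook) -> str:
    """Target as hex with '??' for bytes the log does not prove, e.g. '718A??1E'."""
    if h.target is None:
        return "-"
    return "".join(f"{(h.target >> (8 * i)) & 0xFF:02X}" if h.known_mask & (0xFF << (8 * i))
                   else "??" for i in (3, 2, 1, 0))

def regions(hooks, bits: int = 8) -> Counter:
    """Count targets by their top `bits` address bits (8 -> 16 MB bands). Partial
    indirect targets still count: only the high bytes matter and GMER printed those."""
    shift = 32 - bits
    high = ((1 << bits) - 1) << shift
    return Counter(h.target >> shift for h in hooks
                   if h.target is not None and (h.known_mask & high) == high)

def unattributed(hooks) -> list:
    """Hooks GMER did not tie to a named module: resolve their target against the
    process's loaded-module list before deciding what owns them."""
    return [h for h in hooks if h.target is not None and not h.owner]

# Sample input: lines taken from the log above, in the shape GMER prints them.
SAMPLE = r"""
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenProcess 76F951F0 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[5768] ntdll.dll!NtOpenProcess + 4 76F951F4 2 Bytes [8A, 71]
.text C:\Windows\explorer.exe[5768] USER32.dll!SendMessageA 7682CC28 6 Bytes JMP 71A30F5A
.text C:\Windows\explorer.exe[5768] ws2_32.dll!connect 769948BE 6 Bytes JMP 717C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] USER32.dll!TrackPopupMenu 76854B3B 5 Bytes JMP 6A532342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenFile + 4 76F95144 2 Bytes [6F, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5896] ntdll.dll!NtOpenFile 76F95140 3 Bytes [FF, 25, 1E]
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for h in hooks:
        print(f"{h.pid:>5} {h.func:<28} {h.kind:<12} {fmt_target(h)} {h.owner}")
    print("targets per 16 MB band:", {f"{k:02X}xxxxxx": n for k, n in regions(hooks).items()})
```

Feed it the whole `User code sections` block of a GMER log rather than the sample to get the per-process picture; a hook whose band differs from the rest, or whose target GMER attributes to a module you do not recognise, is the one to look at first. The `??` byte is deliberate: the pointer slot's exact address is not in the log, but its high bytes are, and those are all the band count needs.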

#10 dsnuckel
  • Topic Starter

Posted 10 January 2011 - 04:57 PM

The RKUninstaller log worked after deleting that file. Here is that log.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90418000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67 )
0x91031000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82E19000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E19000 PnpManager 4259840 bytes
0x82E19000 RAW 4259840 bytes
0x82E19000 WMIxWDM 4259840 bytes
0x94610000 Win32k 2404352 bytes
0x94610000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8941A000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x89029000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92C1F000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8F6C0000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89204000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x92D16000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x88AFB000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA0407000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9B87D000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8FB38000 C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x88A28000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x88C34000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x89594000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xA741F000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x8FABC000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8FA35000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x89196000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8EB9B000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101228.001\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x8EA5A000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x91524000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xA0525000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8FE94000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA04D6000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88DA6000 C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x948C0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9144F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88F48000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88CB3000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9B814000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FE2C000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8F63C000 C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0x88AB9000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EB46000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8931E000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892BB000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9B95A000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FF2C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x90B4B000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83229000 ACPI_HAL 225280 bytes
0x83229000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9158E000 C:\Windows\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x88D52000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F798000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88BA6000 C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0x8939A000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8EA28000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89563000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA05C3000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8FEE4000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8935D000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x914BA000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x89158000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x88D17000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x88E28000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x88EFF000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x88C00000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x892F9000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xA0587000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x88BDA000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA7483000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x88FCD000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9B937000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x90BC6000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8EB1E000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xA04A8000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8F680000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88E69000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x88E09000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x90B84000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8EABB000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x948A0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FA93000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA74B4000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8FF71000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9B995000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8FF96000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9B902000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8FF13000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x914E6000 C:\Windows\system32\drivers\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8FB20000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91576000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0xA7558000 C:\Users\David\AppData\Local\Temp\pglcapod.sys 98304 bytes
0x90BA3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90BE8000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x90400000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F777000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x88EC8000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x88FA8000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x88A00000 C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0x91510000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91000000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x89183000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9B86A000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EAF1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9101A000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9B9DC000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8F6A1000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9B91B000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x914A9000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x893CC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92C09000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x88D86000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FE83000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88D41000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x88AA0000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x914FF000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x9B9CC000 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys 65536 bytes (Emsi Software GmbH, Emsisoft Anti-Malware File Guard)
0x8FFB0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8938A000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9B85A000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8EB04000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x88F38000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x88D97000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x9149A000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FBB3000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8EAE3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88EBA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88F9A000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89000000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x88EEA000 C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS 57344 bytes (Symantec Corporation, NDIS Filter Driver)
0x8F7CC000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x88CA5000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xA74A7000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x915E7000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92DE3000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x915D4000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x92DCC000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x915C7000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA04C9000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA05B6000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x88E8A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8FAB0000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0xA057B000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 49152 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x88E5D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88F2D000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x92DF0000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8FF66000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8FE70000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x88EAF000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90BBB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x88EDF000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x91444000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x88D0C000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x92DD9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9B92D000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8EB91000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8EB87000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8F78E000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA049E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EB14000 C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xA05AC000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x8FF8C000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xA74CF000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0x891F3000 C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys 36864 bytes (Emsi Software GmbH, Emsisoft Anti-Malware Behavior Blocker)
0x88FF0000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA7543000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x88FC4000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x92C00000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8900E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA754F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x88E00000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8EADA000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0x94870000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89400000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8F6B3000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x88CFB000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x88AB1000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x88F25000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x89411000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB7000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x88D04000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88E97000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88E9F000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88EA7000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x89409000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8FE7B000 C:\Windows\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0x88E56000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91013000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88F93000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x88E4F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8EAB4000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x915E1000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x88FBE000 C:\Windows\system32\drivers\pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0x8EB40000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xA0576000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x8F6BC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9B9C8000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xA754C000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0x915F4000 C:\Windows\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0x8F67E000 C:\Program Files\Emsisoft Anti-Malware\a2util32.sys 8192 bytes (Emsi Software GmbH, a-squared Malware-IDS utility driver)
0x9102C000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x915C5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0xA7503F2E Unknown thread object [ ETHREAD 0xA0D4BD48 ] , 600 bytes

#11 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 10 January 2011 - 05:30 PM

Well sorry about that. :whistle: Did you delete the file? Did it help in any way?

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    ipconfig /all
  • Let me know if you can then update your tools
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 dsnuckel

  • Topic Starter
  • Members
  • 15 posts

Posted 10 January 2011 - 05:44 PM

I did delete that file. RKUninstaller worked after I deleted that file.
I did 'ipconfig /all' like you said but I am still unable to update.

#13 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 10 January 2011 - 05:58 PM

Oh, I thought you meant Rootkit Unhooker started working after deleting normandy.sys, not C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml.

Could you please temporarily disable your firewall and let me know if your software can then reach outside. Sometimes during malware infections the security utilities get corrupted and start acting crazy.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#14 dsnuckel

  • Topic Starter
  • Members
  • 15 posts

Posted 10 January 2011 - 06:05 PM

I haven't touched the Normandy.sys file yet.

Disabled firewall but still not letting me update.

#15 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 10 January 2011 - 06:08 PM

Hi,

would you be willing to completely uninstall and reinstall Norton? Being unable to access the internet is a common problem with them and I would like to rule that out.

If you haven't touched the normandy.sys file, there's no need to. It's a legit file; even though it's not crucial to your system, it would probably just be recreated when it's next needed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!