
Firefox redirecting


  • This topic is locked
28 replies to this topic

#1 Mr Darkwater

Mr Darkwater

  • Members
  • 70 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:44 AM

Posted 17 February 2012 - 07:03 AM

Hi all,


I have a Firefox redirecting issue that has become a major threat. Narenxp (bless this man!) has been helping me fix the problem till we ran into a snag where he doesn't have the tools to get rid of the malware.



Here's the link to forum before:


http://www.bleepingcomputer.com/forums/topic442353.html/page__p__2594408__fromsearch__1#entry2594408



If anyone can be of help, I would be forever grateful.





Thank you in advance,


Darkwater



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:44 AM

Posted 19 February 2012 - 09:15 AM

Hello Mr Darkwater and welcome to BC.

Please read the preparation guide: http://www.bleepingcomputer.com/forums/topic34773.html
Post the required logs when ready and we will begin from there. Thank you.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Mr Darkwater

Mr Darkwater
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:44 AM

Posted 19 February 2012 - 10:49 PM

Hey Sempai,


Thanks for replying. :)


For whatever reason I wasn't able to make a DDS log. The program would load...then quit. All by itself.

Here is the GMER report:



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-19 17:49:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000080 Hitachi_HDP725032GLA360 rev.GM3OA52A
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pfaiqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAAD59FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAADE6510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAAD7D6A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAAD5C456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAAD5C4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAAD5C5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAAD7D05D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAAD5C3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAAD5C4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAAD5C400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAAD5C572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAAD59FE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAAD7DD6F]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAAD7E025]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAAD5C848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAAD7DBDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAAD7DA45]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAADE65C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAAD59DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAAD5A00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAAD5C9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAAD5AAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAAD5C486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAAD5C4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAAD5C5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAAD7D3B9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAAD5C3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAAD5C680]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAAD5C53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAAD5C42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAAD5C764]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAAD5C59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAADE6658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAAD7D8C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAAD5A96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAAD7D712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAADEE9E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAAD7C6D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAAD5A030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAAD5A054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAAD59E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAAD59F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAAD7DE76]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAAD59F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAAD59F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAAD5A078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAADFA7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 4 Bytes CALL D0FB1B18
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 4 Bytes JMP E214F263
.text ntkrnlpa.exe!ZwCallbackReturn + 2F31 805047CD 7 Bytes [A0, D5, AA, 54, A0, D5, AA] {MOV AL, [0xa054aad5]; AAD 0xaa}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AAD5B00F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AADF769C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AADF915C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AADFA7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB7C82000, 0x187662, 0xE8000020]
init C:\WINDOWS\system32\drivers\p17xfilt.sys entry point in "init" section [0xB7944EB0]
.text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP AAD5CB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP AAD5CAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP AAD5CDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP AAD5CFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP AAD5CABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP AAD5CF76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP AAD5CC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP AAD5CCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP AAD5CD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP AAD5CD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP AAD5C9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP AAD5CB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP AAD5CC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP AAD5D0D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE[256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\svchost.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[492] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Logitech\SetPoint\LBTWiz.exe[628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012D5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 02EF1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 02EF0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 02EF0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 02EF0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 02EF0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 02EF01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 02EF03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 02EF0600
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe[1004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\spoolsv.exe[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\CTsvcCDA.exe[3040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[3332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x84 0xA9 0x1E 0x20 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB7160$\3309505285 0 bytes
File C:\WINDOWS\$NtUninstallKB7160$\343478145 0 bytes
File C:\WINDOWS\$NtUninstallKB7160$\343478145\L 0 bytes
File C:\WINDOWS\$NtUninstallKB7160$\343478145\U 0 bytes

---- EOF - GMER 1.0.15 ----

#4 sempai (Malware Response Team)

Posted 20 February 2012 - 01:38 AM

Thanks for trying. Let's run some more scans to fully understand the situation.

:step1: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.
:step2: Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast antivirus when offered.

:step3: Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

~Semp


#5 Mr Darkwater (Topic Starter)

Posted 21 February 2012 - 02:52 AM

OTL:

logfile created on: 2/20/2012 9:20:57 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 84.48% Memory free
5.34 Gb Paging File | 4.99 Gb Available in Paging File | 93.42% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 131.98 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 22.49 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 1548.70 Gb Free Space | 83.13% Space Free | Partition Type: NTFS
Drive N: | 7.47 Gb Total Space | 3.94 Gb Free Space | 52.81% Space Free | Partition Type: FAT32

Computer Name: PAST-594BFF0499 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/20 21:17:37 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/02/14 13:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/11/28 08:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 08:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/30 19:19:54 | 000,851,768 | ---- | M] (ООО ЯНДЕКС) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yandex\Updater\praetorian.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/06/22 23:49:27 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/09 14:53:46 | 000,405,504 | ---- | M] (DropShots) -- C:\Program Files\DropBox\DropBox\DropBox.exe
PRC - [2007/02/28 17:50:50 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/09/22 02:40:12 | 000,028,160 | ---- | M] (Jgaa's Internet (www.jgaa.com)) -- C:\Program Files\War-ftpd\WarTrayIcon.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 12:43:42 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022002\algo.dll
MOD - [2012/02/19 22:11:59 | 001,712,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12022000\algo.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2007/08/13 20:45:02 | 000,077,824 | ---- | M] () -- C:\WINDOWS\system32\ctmmactl.dll
MOD - [2007/05/07 14:59:08 | 000,137,216 | R--- | M] () -- C:\WINDOWS\system32\OemSpi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
SRV - [2011/11/28 08:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/13 04:00:16 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/14 04:05:51 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2003/05/13 20:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2012/02/11 15:24:24 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/11/28 07:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 07:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 07:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 07:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 07:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 07:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 07:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/13 04:00:14 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/11/09 16:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/11/09 16:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/09 16:46:28 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/06/24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/18 15:13:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/04 02:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 02:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 02:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 02:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 02:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 02:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 02:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/03/23 14:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 14:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/12/18 23:43:54 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/12/18 23:43:12 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/11/18 12:09:45 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/25 19:51:42 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/02/25 09:41:28 | 000,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2008/02/25 09:41:18 | 000,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2008/02/25 09:41:14 | 000,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2008/02/25 09:41:10 | 000,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/11/20 23:06:26 | 001,174,528 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17xfi.sys -- (P17xfi)
DRV - [2007/10/10 01:31:08 | 001,664,384 | R--- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\p17xfilt.sys -- (p17xfilt)
DRV - [2007/06/15 02:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/12/28 06:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/14 20:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/07 01:30:52 | 000,162,176 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2006/05/23 17:48:07 | 000,061,952 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2006/05/23 17:48:02 | 000,158,720 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2006/05/23 17:47:44 | 001,170,432 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2006/05/23 17:46:58 | 000,548,352 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2006/05/23 17:46:32 | 000,160,768 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2006/05/23 17:46:02 | 000,536,576 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2006/05/23 17:45:48 | 000,087,552 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2006/04/24 07:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/02/17 01:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 01:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/07 17:54:52 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/07 17:54:44 | 000,142,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/03 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/12 16:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/11 15:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 04:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/27 14:11:03 | 000,000,000 | ---D | M]

[2009/02/18 16:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/02/18 16:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/30 22:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wcu9duep.default\extensions
[2010/06/25 00:30:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wcu9duep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/09 00:55:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wcu9duep.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/19 13:57:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wcu9duep.default\extensions\engine@conduit.com
[2011/07/03 11:06:16 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wcu9duep.default\searchplugins\askcom.xml
[2012/02/11 15:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 04:20:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 07:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 07:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2010/02/08 19:22:34 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O2 - BHO: ( ) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll (ООО ЯНДЕКС)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО ЯНДЕКС)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО ЯНДЕКС)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО ЯНДЕКС)
O3 - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\Toolbar\WebBrowser: (Яндекс.Бар) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll (ООО ЯНДЕКС)
O3 - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DropBoxUtility] C:\Program Files\DropBox\DropBox\DropBox.exe (DropShots)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [kell] c:\program Files\Manson\liser.exe File not found
O4 - HKU\S-1-5-18..\Run: [kell] c:\program Files\Manson\liser.exe File not found
O4 - HKU\S-1-5-21-839522115-1614895754-2147062339-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-839522115-1614895754-2147062339-500..\Run: [Praetorian] C:\Documents and Settings\Administrator\Local Settings\Application Data\Yandex\Updater\praetorian.exe (ООО ЯНДЕКС)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\War FTPD Tray icon.lnk = C:\Program Files\War-ftpd\WarTrayIcon.exe (Jgaa's Internet (www.jgaa.com))
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1879A4ED-353E-4679-AF20-5B82CBAF86DC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/21 20:07:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c8a6ef16-c18e-11de-9eb2-001d601bb65c}\Shell - "" = AutoRun
O33 - MountPoints2\{c8a6ef16-c18e-11de-9eb2-001d601bb65c}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - VA-Promo Only Caribbean Series February-2010-XXL torrent [loadthedecks com].torrent
File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - Sony Sound Forge PRO 10 0 + KEYGEN [Professional Sound Editor] [ h33t ].torrent
File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentreactor.to] - Spartacus Blood and Sand S01E14 HDTV XviD-SYS.torrent
[2012/02/20 21:17:36 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/19 15:03:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/19 12:36:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/12 20:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/12 20:01:32 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012/02/12 11:35:24 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/12 11:16:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/12 11:12:43 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2012/02/11 15:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2012/02/11 12:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2012/02/11 12:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\10.02.12 (Mixshow Ingredients 60, 61 ) Only Fresh Club Music!
[2012/02/11 03:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/11 03:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/02/06 12:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New House
[2012/02/04 15:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Dj Software
[2012/02/04 15:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DJ Ant-Lo - Too Short - Greatest Hits
[2012/02/04 14:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Hot 80's 24
[2012/02/04 11:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Random 7
[2012/01/30 21:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HMA! Pro VPN
[2012/01/30 21:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\HMA! Pro VPN
[2012/01/27 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 My MP3 3.1
[2012/01/27 16:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012/01/24 06:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Tech House
[2009/06/18 13:16:36 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\setup_ldm.iss
[2009/04/14 11:02:05 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2008/11/18 12:22:51 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2008/11/18 12:22:43 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/11/18 12:22:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/11/18 12:22:43 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/11/18 12:22:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/07/10 15:25:05 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/07/08 00:55:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 03:06:10 | 029,971,234 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - VA-Promo Only Caribbean Series February-2010-XXL torrent [loadthedecks com].torrent
File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - Sony Sound Forge PRO 10 0 + KEYGEN [Professional Sound Editor] [ h33t ].torrent
File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentreactor.to] - Spartacus Blood and Sand S01E14 HDTV XviD-SYS.torrent
[2012/02/20 21:17:37 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/20 21:12:45 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/20 21:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 00:54:14 | 002,224,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/19 15:06:12 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/19 15:05:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/19 15:03:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/19 15:01:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/19 05:30:03 | 000,015,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\514LVi40gGL._SL500_AA300_.jpg
[2012/02/18 15:06:06 | 014,026,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spencer & Hill - A Million (Original Mix) www.livingelectro.com.mp3
[2012/02/18 14:54:01 | 012,005,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Michel Tel - Ai Se Eu Te Pego (LX-Tronix Softmix) www.LivingElectro.com.mp3
[2012/02/18 14:32:39 | 016,699,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Deadmau5 - Maths (Original Mix) www.livingelectro.com.mp3
[2012/02/18 14:32:37 | 011,856,689 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sean Finn - Show Me Love 2K12 (Bodybangers Remix) www.livingelectro.com.mp3
[2012/02/18 14:23:29 | 012,286,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Razat BASS OVERLOAD (Urban Assault Remix)www.livingelectro.com(1).mp3
[2012/02/18 14:23:27 | 012,286,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Razat BASS OVERLOAD (Urban Assault Remix)www.livingelectro.com.mp3
[2012/02/18 14:22:49 | 013,683,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tiger & Wolf Feed The Beast (F.O.O.L Remix)www.livingelectro.com.mp3
[2012/02/18 14:21:05 | 010,500,093 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Swedish House Mafia & Knife Party - Antidote (Schoolboy Remix)www.livingelectro.com.mp3
[2012/02/18 02:52:57 | 006,197,452 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JLS_-_Do_You_Feel_What_I_Feel.mp3
[2012/02/18 02:39:38 | 012,848,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ Rihanna - You Da One (Gregor Salto Amsterdam Club Mix).mp3
[2012/02/17 11:56:23 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/17 11:56:23 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
[2012/02/17 03:58:51 | 010,153,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nicolas_Jaar_Work_It_Bluewave_EDIT.mp3
[2012/02/17 03:47:02 | 015,057,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Foster The People - Pumped Up Kicks (RLYNX Rmx).mp3
[2012/02/17 03:46:51 | 018,118,113 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Souls Of Mischief - 93' til Infinity (Hannes Fischer Remix).mp3
[2012/02/17 03:35:39 | 013,870,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Radiohead - Codex (Hannes Fischer Edit).mp3
[2012/02/17 03:33:34 | 014,224,251 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gotye Feat. Kimbra - Somebody That I Used To Know (Hannes Fischer Remix).mp3
[2012/02/17 03:26:34 | 016,435,117 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gotye ft. Kimbra - Somebody That I Used To Know (Alex Cruz Remix).mp3
[2012/02/15 03:20:17 | 023,226,119 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\09 - T.J.M. (aka Thomas Tom Jerome Moulton) - I don't need no music (Casablanca LP cut, 1979).mp3
[2012/02/15 01:55:53 | 021,096,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2.dj_dan_-_put_that_record_back_on_(h-foundation_mix).mp3
[2012/02/15 01:30:54 | 012,386,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Basic J - The Drums (Club Mix).mp3
[2012/02/15 01:30:07 | 010,474,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(REMIX) Michael Jackson Vs. Lionel Richie - Wannabe all night long.mp3
[2012/02/15 01:26:41 | 012,464,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\11th Street - Billy Dream (Illicit White Label).mp3
[2012/02/15 01:12:44 | 002,211,335 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SHAKEDOWN - At Night (Acapella).mp3
[2012/02/15 00:48:15 | 003,486,090 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\To Kool Chris - 05 - The Roof Is On Fire (Bonus Insane Dub).mp3
[2012/02/14 22:18:30 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2012/02/12 20:01:40 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012/02/12 11:35:54 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/12 11:15:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/12 11:14:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\imtgiucr.exe
[2012/02/11 16:59:22 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2012/02/11 15:39:31 | 000,002,638 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/11 15:24:24 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/02/11 15:12:02 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/11 12:50:00 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 11:17:10 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/06 11:17:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/06 08:25:24 | 433,747,967 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Gantz.II.Perfect.Answer.2011.720p.BDRiP.XViD.AC3-EXQUiSiTE.avi
[2012/02/05 15:09:15 | 016,122,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kim Karner - Bete Davis Eyes (Viktor Mora & Naccarati Remix Bootleg).mp3
[2012/02/05 14:25:10 | 015,018,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Good bleep Night (Chuckie Smash Crank Bootleg) www.livingelectro.com.mp3
[2012/02/05 13:24:33 | 009,657,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mord_Fustang_vs._Chuckie_-_Magic_Troopers_in_Vegas_(Rokcity_Bootleg)_www.music4you.hu.mp3
[2012/02/05 13:19:14 | 008,933,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rundfunk & EDDR - Pinup (Original Mix)[www.LivingElectro.com].mp3
[2012/02/05 13:14:29 | 009,164,126 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DJ Ozi - Rock It (Original Mix).mp3
[2012/02/05 13:06:06 | 012,070,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Afrojack & R3hab - Prutataaa (Dada Life Remix) www.livingelectro.com.mp3
[2012/02/05 12:58:25 | 010,295,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Deadmau5 - Cthulhu Dreams www.livingelectro.com.mp3
[2012/02/05 12:50:34 | 012,331,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Klaas Ft. Carlprit - Do What You Do (Bodybangers Remix) www.livingelectro.com.mp3
[2012/02/05 12:49:51 | 018,059,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Greg Parys - Get Sexy (Extended Mix) www.livingelectro.com.mp3
[2012/02/05 12:45:40 | 011,584,097 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Looks Like Sex (It's The DJ Kue Remix!) (livingelectro.com).mp3
[2012/02/05 12:42:02 | 012,351,578 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Insane (Cold Blank Remix) (www.livingelectro.com).mp3
[2012/02/04 15:16:45 | 003,251,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Evan's List.USR
[2012/02/04 12:14:50 | 013,718,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\06 Soda (Instrumental).mp3
[2012/02/04 12:04:10 | 014,478,177 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Peter Brown - Dance with me (Lac's less Peter edit).mp3
[2012/02/04 11:53:19 | 014,971,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pictures_Edit_Masterd.mp3
[2012/01/30 23:17:34 | 015,526,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Birthday_Cake_Intro_DirtyExtended_Mix.mp3
[2012/01/30 21:49:34 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HMA! Pro VPN.lnk
[2012/01/30 08:58:51 | 009,895,506 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DJ Hero-B Boy Hustle Original Mix -www.mrtzcmp3.net.mp3
[2012/01/29 07:03:51 | 009,299,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Slum_Village_ft_Kanye_West_John_Legend_Selfish_M_M.mp3
[2012/01/29 07:01:50 | 007,650,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Flyyyyyyyy.mp3
[2012/01/29 07:00:08 | 007,650,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Flyyyyyyyy M Mac Beats.mp3
[2012/01/29 06:27:49 | 014,313,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Smashing_Pumpkins_1979_Virgin_Magnetic_Material_Re.mp3
[2012/01/29 06:21:10 | 012,790,080 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Peter_Gabriel_In_Your_Eyes_Virgin_Magnetic_Materia(2).mp3
[2012/01/29 06:05:03 | 011,076,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Dreams_Virgin_Magnetic_Material_Remi.mp3
[2012/01/29 05:52:31 | 012,308,195 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Landslide_Virgin_Magnetic_Material_R(1).mp3
[2012/01/29 05:46:36 | 012,308,195 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Landslide_Virgin_Magnetic_Material_R.mp3
[2012/01/29 05:42:52 | 011,116,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bobby_McFerrin_Thinkin_About_Your_Body_Virgin_Magn(1).mp3
[2012/01/29 04:05:46 | 010,494,310 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Death-Cab-For-Cutie-Underneath-the-Sycamore-Dillon-Francis-Remix.mp3
[2012/01/23 21:08:26 | 008,038,519 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\06-skrillex-kyoto_feat._sirah_(original_mix).mp3
[2012/01/22 22:30:00 | 000,860,987 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eJazzGrass0815.jpg
[2012/01/22 22:30:00 | 000,820,822 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eJazzBack0813.jpg
[2012/01/22 22:30:00 | 000,626,609 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eJazzTunnel0799.jpg
[2012/01/22 22:30:00 | 000,538,825 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eJazzBF0827.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 00:53:23 | 002,224,056 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/19 15:06:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2012/02/19 15:06:12 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2012/02/19 15:05:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/19 15:01:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/19 05:30:03 | 000,015,499 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\514LVi40gGL._SL500_AA300_.jpg
[2012/02/18 15:05:15 | 014,026,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spencer & Hill - A Million (Original Mix) www.livingelectro.com.mp3
[2012/02/18 14:53:21 | 012,005,331 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Michel Tel - Ai Se Eu Te Pego (LX-Tronix Softmix) www.LivingElectro.com.mp3
[2012/02/18 14:31:56 | 011,856,689 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sean Finn - Show Me Love 2K12 (Bodybangers Remix) www.livingelectro.com.mp3
[2012/02/18 14:31:34 | 016,699,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Deadmau5 - Maths (Original Mix) www.livingelectro.com.mp3
[2012/02/18 14:22:47 | 012,286,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Razat BASS OVERLOAD (Urban Assault Remix)www.livingelectro.com(1).mp3
[2012/02/18 14:22:45 | 012,286,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Razat BASS OVERLOAD (Urban Assault Remix)www.livingelectro.com.mp3
[2012/02/18 14:21:50 | 013,683,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tiger & Wolf Feed The Beast (F.O.O.L Remix)www.livingelectro.com.mp3
[2012/02/18 14:20:26 | 010,500,093 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Swedish House Mafia & Knife Party - Antidote (Schoolboy Remix)www.livingelectro.com.mp3
[2012/02/18 02:52:36 | 006,197,452 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JLS_-_Do_You_Feel_What_I_Feel.mp3
[2012/02/18 02:37:43 | 012,848,247 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ Rihanna - You Da One (Gregor Salto Amsterdam Club Mix).mp3
[2012/02/17 03:58:09 | 010,153,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nicolas_Jaar_Work_It_Bluewave_EDIT.mp3
[2012/02/17 03:46:07 | 018,118,113 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Souls Of Mischief - 93' til Infinity (Hannes Fischer Remix).mp3
[2012/02/17 03:43:25 | 015,057,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Foster The People - Pumped Up Kicks (RLYNX Rmx).mp3
[2012/02/17 03:35:19 | 013,870,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Radiohead - Codex (Hannes Fischer Edit).mp3
[2012/02/17 03:31:59 | 014,224,251 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gotye Feat. Kimbra - Somebody That I Used To Know (Hannes Fischer Remix).mp3
[2012/02/17 03:26:20 | 016,435,117 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gotye ft. Kimbra - Somebody That I Used To Know (Alex Cruz Remix).mp3
[2012/02/17 03:11:11 | 005,851,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ DAVID S. - BROOKLYN MOOMBAHTON (ALVARO BEATS).mp3
[2012/02/17 02:23:34 | 008,415,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nadi Ali - Pressure Vs Rapture (BeatBreaker EDIT).mp3
[2012/02/15 02:40:10 | 023,226,119 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\09 - T.J.M. (aka Thomas Tom Jerome Moulton) - I don't need no music (Casablanca LP cut, 1979).mp3
[2012/02/15 01:36:55 | 021,096,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2.dj_dan_-_put_that_record_back_on_(h-foundation_mix).mp3
[2012/02/15 01:24:21 | 012,386,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Basic J - The Drums (Club Mix).mp3
[2012/02/15 01:22:17 | 012,464,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\11th Street - Billy Dream (Illicit White Label).mp3
[2012/02/15 01:11:00 | 002,211,335 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SHAKEDOWN - At Night (Acapella).mp3
[2012/02/15 01:10:45 | 010,474,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(REMIX) Michael Jackson Vs. Lionel Richie - Wannabe all night long.mp3
[2012/02/15 00:48:10 | 003,486,090 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\To Kool Chris - 05 - The Roof Is On Fire (Bonus Insane Dub).mp3
[2012/02/14 22:18:28 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
[2012/02/12 11:14:39 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\imtgiucr.exe
[2012/02/11 15:24:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/02/11 15:12:02 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/11 03:09:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/06 11:17:00 | 433,747,967 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Gantz.II.Perfect.Answer.2011.720p.BDRiP.XViD.AC3-EXQUiSiTE.avi
[2012/02/05 15:08:41 | 016,122,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kim Karner - Bete Davis Eyes (Viktor Mora & Naccarati Remix Bootleg).mp3
[2012/02/05 14:24:07 | 015,018,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Good bleep Night (Chuckie Smash Crank Bootleg) www.livingelectro.com.mp3
[2012/02/05 13:23:55 | 009,657,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mord_Fustang_vs._Chuckie_-_Magic_Troopers_in_Vegas_(Rokcity_Bootleg)_www.music4you.hu.mp3
[2012/02/05 13:18:36 | 008,933,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rundfunk & EDDR - Pinup (Original Mix)[www.LivingElectro.com].mp3
[2012/02/05 13:13:48 | 009,164,126 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ Ozi - Rock It (Original Mix).mp3
[2012/02/05 13:05:09 | 012,070,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Afrojack & R3hab - Prutataaa (Dada Life Remix) www.livingelectro.com.mp3
[2012/02/05 12:57:44 | 010,295,424 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Deadmau5 - Cthulhu Dreams www.livingelectro.com.mp3
[2012/02/05 12:49:50 | 012,331,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Klaas Ft. Carlprit - Do What You Do (Bodybangers Remix) www.livingelectro.com.mp3
[2012/02/05 12:48:35 | 018,059,970 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Greg Parys - Get Sexy (Extended Mix) www.livingelectro.com.mp3
[2012/02/05 12:44:54 | 011,584,097 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Looks Like Sex (It's The DJ Kue Remix!) (livingelectro.com).mp3
[2012/02/05 12:41:12 | 012,351,578 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Insane (Cold Blank Remix) (www.livingelectro.com).mp3
[2012/02/04 12:14:31 | 013,718,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\06 Soda (Instrumental).mp3
[2012/02/04 12:02:13 | 014,478,177 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Peter Brown - Dance with me (Lac's less Peter edit).mp3
[2012/02/04 11:53:08 | 014,971,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pictures_Edit_Masterd.mp3
[2012/01/31 17:48:48 | 011,113,195 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ Khaled ft Lil Wayne- I'm On One (KillaGraham Remix).mp3
[2012/01/31 17:48:12 | 009,899,862 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ BeatBreaker - Pass At Me (BMore ReFix).mp3
[2012/01/31 17:48:11 | 010,633,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ BeatBreaker - bleeps In Paris (Big Room House Banger).mp3
[2012/01/31 17:46:33 | 009,018,193 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BEST OF MY LOVE (REDRUM) [WEDDING CRASHERS] 113BPM.mp3
[2012/01/31 17:46:26 | 010,031,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Awooga_Lmfao_Reedit.mp3
[2012/01/31 17:45:37 | 007,952,212 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Anthem Kingz - Moves Like Jagger (Kingz Klub Anthem).mp3
[2012/01/30 23:07:28 | 015,526,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Birthday_Cake_Intro_DirtyExtended_Mix.mp3
[2012/01/30 21:49:34 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HMA! Pro VPN.lnk
[2012/01/30 20:39:51 | 009,895,506 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DJ Hero-B Boy Hustle Original Mix -www.mrtzcmp3.net.mp3
[2012/01/29 07:02:56 | 009,299,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Slum_Village_ft_Kanye_West_John_Legend_Selfish_M_M.mp3
[2012/01/29 07:01:15 | 007,650,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Flyyyyyyyy.mp3
[2012/01/29 06:59:25 | 007,650,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Flyyyyyyyy M Mac Beats.mp3
[2012/01/29 06:25:59 | 014,313,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Smashing_Pumpkins_1979_Virgin_Magnetic_Material_Re.mp3
[2012/01/29 06:19:34 | 012,790,080 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Peter_Gabriel_In_Your_Eyes_Virgin_Magnetic_Materia(2).mp3
[2012/01/29 06:03:27 | 011,076,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Dreams_Virgin_Magnetic_Material_Remi.mp3
[2012/01/29 05:51:15 | 012,308,195 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Landslide_Virgin_Magnetic_Material_R(1).mp3
[2012/01/29 05:45:18 | 012,308,195 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Fleetwood_Mac_Landslide_Virgin_Magnetic_Material_R.mp3
[2012/01/29 05:42:00 | 011,116,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bobby_McFerrin_Thinkin_About_Your_Body_Virgin_Magn(1).mp3
[2012/01/29 04:03:58 | 010,494,310 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Death-Cab-For-Cutie-Underneath-the-Sycamore-Dillon-Francis-Remix.mp3
[2012/01/23 21:04:09 | 008,038,519 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\06-skrillex-kyoto_feat._sirah_(original_mix).mp3
[2012/01/22 20:31:53 | 000,860,987 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eJazzGrass0815.jpg
[2012/01/22 20:31:53 | 000,820,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eJazzBack0813.jpg
[2012/01/22 20:31:53 | 000,626,609 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eJazzTunnel0799.jpg
[2012/01/22 20:31:53 | 000,538,825 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eJazzBF0827.jpg
[2012/01/11 10:20:27 | 000,014,768 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eag4kc5fuawqy03w18yfr13
[2012/01/11 10:20:27 | 000,014,768 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eag4kc5fuawqy03w18yfr13
[2012/01/09 19:31:24 | 000,012,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2012/01/09 19:31:24 | 000,012,672 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2012/01/08 13:07:17 | 000,013,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj
[2012/01/08 13:07:17 | 000,013,890 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj
[2012/01/06 10:00:03 | 000,014,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
[2012/01/06 10:00:03 | 000,014,098 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
[2011/12/25 21:17:31 | 000,012,970 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\73pv3860r11boob22dqyv76u00q75h8t
[2011/12/25 21:17:31 | 000,012,970 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\73pv3860r11boob22dqyv76u00q75h8t
[2011/12/23 07:23:02 | 000,015,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cpynbl4y1krm6osb1vih2w201v3e
[2011/12/23 07:23:02 | 000,015,166 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cpynbl4y1krm6osb1vih2w201v3e
[2011/09/28 18:31:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/07/26 06:48:54 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/04/10 20:04:30 | 000,000,065 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/11/09 16:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/11/09 16:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/11/09 16:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/10/25 16:58:20 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Configuration.xml
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/24 16:28:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2010/03/03 00:41:35 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/03/02 20:00:32 | 000,014,496 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CMa57a2rBB
[2010/03/01 18:04:31 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

========== Files - Unicode (All) ==========
(C:\Documents and Settings\All Users\Start Menu\Programs\??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Яндекс

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B9593
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D

< End of report >

Extras:

OTL Extras logfile created on: 2/20/2012 9:20:57 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 84.48% Memory free
5.34 Gb Paging File | 4.99 Gb Available in Paging File | 93.42% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 131.98 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive F: | 111.79 Gb Total Space | 22.49 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive L: | 1863.01 Gb Total Space | 1548.70 Gb Free Space | 83.13% Space Free | Partition Type: NTFS
Drive N: | 7.47 Gb Total Space | 3.94 Gb Free Space | 52.81% Space Free | Partition Type: FAT32

Computer Name: PAST-594BFF0499 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Value error. File not found
.inf [@ = inffile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\3361\svchost.exe" = C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" = C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm -- (THQ Canada Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AA1207-D8C6-45DC-A96D-48358EBE09F3}" = PSShortcuts
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{094074FD-1B13-7267-F786-51C9C6A76F3E}" = Catalyst Control Center Localization Polish
"{0A26C729-ECE1-F335-5E34-0C901BB8ADEF}" = ccc-core-preinstall
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12EE8B97-720F-1CC0-F57D-BC66C5A988D0}" = CCC Help Hungarian
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{143405BB-F166-C828-BCAA-3E1A04D56C35}" = Catalyst Control Center Localization Danish
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1774ACC4-A333-EC5D-1C2D-3E4C2EF060C8}" = Catalyst Control Center Localization Hungarian
"{17766AD8-856F-FDC6-38A2-C04232E5FD22}" = Catalyst Control Center Localization Japanese
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AF81F1-8D23-076A-313E-B0A0ADC7066C}" = Catalyst Control Center Localization French
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{234E70A2-F1CD-A9DB-E122-7A089EADA315}" = Catalyst Control Center Localization Greek
"{245BBD95-C8FA-DD66-5CD6-71F4C4F5552E}" = Catalyst Control Center Graphics Light
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{28F1E7CB-E1E2-DA3F-09B9-5F36592EF4CB}" = Catalyst Control Center Localization Turkish
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C9083DF-AAEE-60A1-15C5-84299E4B51D1}" = CCC Help Russian
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AC130A-B7B4-4AA7-85EB-D0A7E10B927E}" = PS7900
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A6EBAE2-B82D-5DAD-064E-E3F99C0F2BAA}" = CCC Help Chinese Traditional
"{3AFD3DA7-7223-5610-80FB-08C44561011E}" = CCC Help Czech
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BAF32E0-7877-37E1-F53A-8482393AA897}" = Catalyst Control Center Localization Norwegian
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{42E351BC-E7C2-583C-D782-2DE6DF53F9B6}" = Catalyst Control Center Localization Chinese Traditional
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D9794C-2FE3-8180-2B1D-C0AD1926414B}" = CCC Help Dutch
"{46BF5495-A17D-4413-B165-97B9AAECBA92}" = ccc-core-static
"{47D2D455-2C1C-4922-A520-3E3466D783E1}" = Sony Media Manager 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C5FFAA8-579C-4B5E-8718-23923BDA5518}" = Catalyst Control Center Localization Russian
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4EFD6836-FC72-B269-032F-C689B21B3C97}" = Catalyst Control Center Localization Spanish
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{505FCE42-0DFF-128E-7270-7A524615B096}" = Catalyst Control Center Localization Finnish
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{5475BD3C-A5D5-155B-C4C6-56228AC12A43}" = Catalyst Control Center Localization Italian
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BA8191-0CA4-1D2C-D4DC-6E4DDC2A2299}" = Warhammer 40,000: Dawn of War - Soulstorm
"{58394C6E-1D18-6ADD-D916-3B0855D16DC5}" = CCC Help Norwegian
"{5B64D674-D8D8-33A5-8728-8E527220F7C7}" = CCC Help Finnish
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{62FE8186-5A37-BC85-B271-DCB7A25BC33B}" = Catalyst Control Center Graphics Full Existing
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{655DFA09-0631-D7D4-FE37-BDEFE2113D32}" = CCC Help Korean
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7385EE94-C8DD-B2A5-6A43-C2A48EAB9A1C}" = CCC Help Chinese Standard
"{74C07829-4800-7CB5-DF82-8A8BE55F9091}" = CCC Help English
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{809E9D11-335A-4186-8767-CB8C6F3D7810}" = DropBox
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82DA76D0-A964-B120-B3BF-26BD6FA38787}" = Catalyst Control Center Core Implementation
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB5EA01-DDB9-CE5D-96BF-E6BE13DE1C97}" = CCC Help Turkish
"{8C59329A-FE1B-D00B-3208-9624776754EB}" = ccc-utility
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FBC47DC-8452-69AD-F042-8C7D0FA54DBA}" = CCC Help Japanese
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{93D98530-2627-3FAA-09BC-7C79462B34A0}" = Catalyst Control Center Localization Thai
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96DF5EA9-C6FB-62F8-48E4-F03885892CA7}" = CCC Help Swedish
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99774D8C-CAD0-3646-5EF6-706421D9CFCC}" = Catalyst Control Center Localization German
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B49BE56-7934-166F-7AFD-A14E38EBF8ED}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0582BFA-16B4-6573-38B0-29DD589FD43A}" = Catalyst Control Center Localization Korean
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A99AE198-60A2-0744-F768-F700EFDA4D2D}" = Catalyst Control Center Localization Chinese Standard
"{A9FF0492-05E5-F426-3104-3DDA813E2E23}" = Catalyst Control Center Graphics Previews Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7374768-A9FD-CD71-B0C7-8ACEEB6F731B}" = Catalyst Control Center Localization Dutch
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFDB362F-4734-47B8-9CF1-81E972E931C7}" = dupeGuru Music Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FB250-DAB9-4353-831C-9452BC2C16F3}" = Replay Media Catcher 4
"{C5F2DBF1-6A08-39D2-9871-BF8F29F73C88}" = Skins
"{C849D7B5-DCE7-9080-687E-CF5D3D535190}" = CCC Help Thai
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC9784BF-FB26-460A-B382-686773904152}_is1" = Vyzex MPD26
"{CCE74E03-4C99-915C-931D-C7264BCA9DDB}" = CCC Help Spanish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D28695F9-31CD-783C-6F29-065B8737F8CA}" = Catalyst Control Center Localization Czech
"{D3A1CEC0-4D44-9ACA-A894-035269EE2C59}" = CCC Help Greek
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D63B08C9-50B9-D513-083C-BF9310149C35}" = Catalyst Control Center Graphics Full New
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D72384E0-9A6B-C04D-5AFA-E37C7472E6C0}" = Catalyst Control Center Localization Portuguese
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E0BC8EAB-5967-C231-80E0-A90AC551C604}" = Catalyst Control Center Localization Swedish
"{E1929CF4-139E-B24F-42A2-BFE2DAB1F112}" = CCC Help Danish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48D3F6F-9765-D114-72A1-A9B4590F7443}" = CCC Help Italian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EBB19969-37BF-8449-A1ED-7E64ECBD6FBF}" = CCC Help Polish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A6D232-D1C0-1167-B29A-CB0F7986D499}" = CCC Help Portuguese
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F75CF7C3-AB31-4E4E-A38D-051D634EE2A6}" = Яндекс.Бар 5.2 для Internet Explorer
"{F95A9729-9678-3683-B3F2-FB706F7256C5}" = CCC Help German
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative Audio Console
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Easy CD-DA Extractor 2011" = Easy CD-DA Extractor 2011
"ESET Online Scanner" = ESET Online Scanner v3
"HMA! Pro VPN" = HMA! Pro VPN 2.6.9
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiPony" = MiPony 1.5.1
"MIXVIBES - U46MK2 Audio Driver Setup" = MIXVIBES - U46MK2 Audio Driver
"mmfsetup_is1" = MixMeister Fusion 7.3.5
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MVApplication1" = SureThing CD Labeler Deluxe 4
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
"Platinum Notes" = Platinum Notes 2.0
"ShowXpress_is1" = ShowXpress
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SysInfo" = Creative System Information
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = Torrent
"VLC media player" = VLC media player 1.1.11
"voxware_is1" = Voxware Audio decoder 1.6
"Ward180" = Ward180
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93
"Wise PC Engineer_is1" = Wise PC Engineer 6.3.8
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-1614895754-2147062339-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/14/2010 3:24:12 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 4/24/2010 10:11:30 PM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 6/11/2010 1:54:05 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 6/11/2010 2:47:22 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 6/11/2010 3:26:48 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 6/11/2010 3:34:49 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 8/11/2010 10:53:44 PM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 8/11/2010 11:20:13 PM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 8/11/2010 11:59:56 PM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

Error - 8/12/2010 12:30:17 AM | Computer Name = PAST-594BFF0499 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/23/2011 5:23:13 PM | Computer Name = PAST-594BFF0499 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/25/2011 9:22:09 AM | Computer Name = PAST-594BFF0499 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/25/2011 8:49:02 PM | Computer Name = PAST-594BFF0499 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 12/26/2011 12:21:34 AM | Computer Name = PAST-594BFF0499 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 1/5/2012 10:25:13 PM | Computer Name = PAST-594BFF0499 | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.6.2512, faulting module
winamp.exe, version 5.5.6.2512, fault address 0x0003dd2e.

Error - 1/6/2012 12:07:43 AM | Computer Name = PAST-594BFF0499 | Source = Application Error | ID = 1000
Description = Faulting application winamp.exe, version 5.5.6.2512, faulting module
winamp.exe, version 5.5.6.2512, fault address 0x0003dd2e.

Error - 1/7/2012 3:31:33 PM | Computer Name = PAST-594BFF0499 | Source = Application Error | ID = 1000
Description = Faulting application mipony.exe, version 1.5.1.0, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 1/17/2012 3:14:08 PM | Computer Name = PAST-594BFF0499 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 2/4/2012 9:26:52 PM | Computer Name = PAST-594BFF0499 | Source = MsiInstaller | ID = 11706
Description = Product: Replay Media Catcher 4 -- Error 1706. An installation package
for the product Replay Media Catcher 4 cannot be found. Try the installation again
using a valid copy of the installation package 'RMC.Setup.msi'.

Error - 2/19/2012 9:08:14 PM | Computer Name = PAST-594BFF0499 | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15641, faulting module
gmer.exe, version 1.0.15.15641, fault address 0x0000c676.

[ System Events ]
Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7000
Description = The LBeepKE service failed to start due to the following error: %%31

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/21/2012 3:13:35 AM | Computer Name = PAST-594BFF0499 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066


< End of report >

aswMBR:
aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 21:35:12
-----------------------------
21:35:12.640 OS Version: Windows 5.1.2600 Service Pack 3
21:35:12.640 Number of processors: 2 586 0x1706
21:35:12.640 ComputerName: PAST-594BFF0499 UserName: Administrator
21:35:13.156 Initialze error C000010E - driver not loaded
21:35:13.218 AVAST engine defs: 12022002
21:35:49.218 Service scanning
21:35:49.562 Service .afd \? **LOCKED** 123
21:35:49.562 Service .cdrom \? **LOCKED** 123
21:35:49.562 Service .mrxsmb \* **LOCKED** 123
21:35:49.578 Service .netbt \? **LOCKED** 123
21:35:49.578 Service .serial \? **LOCKED** 123
21:36:03.953 Modules scanning
21:36:03.968 Disk 0 trace - called modules:
21:36:03.968
21:36:04.312 AVAST engine scan C:\WINDOWS
21:36:07.828 AVAST engine scan C:\WINDOWS\system32
21:37:44.406 AVAST engine scan C:\WINDOWS\system32\drivers
21:37:52.718 AVAST engine scan C:\Documents and Settings\Administrator
21:46:42.375 AVAST engine scan C:\Documents and Settings\All Users
21:47:51.578 Scan finished successfully
21:48:27.343 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Whatcha think?

D
#6 sempai (noypi)

  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:05:44 AM

Posted 21 February 2012 - 11:00 AM

Hi,

Do you know what this is? It's on your desktop: C:\Documents and Settings\Administrator\Desktop\imtgiucr.exe


P2P Warning:

Torrent

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files with each other, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=================================================


:step1: Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
    IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found
    IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [kell] c:\program Files\Manson\liser.exe File not found
    O4 - HKU\S-1-5-18..\Run: [kell] c:\program Files\Manson\liser.exe File not found
    O18 - Protocol\Handler\skype4com - No CLSID value found
    O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - File not found
    File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - VA-Promo Only Caribbean Series February-2010-XXL torrent [loadthedecks com].torrent
    File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentsworld.net] - Sony Sound Forge PRO 10 0 + KEYGEN [Professional Sound Editor] [ h33t ].torrent
    File not found -- C:\Documents and Settings\Administrator\Desktop\[Torrentreactor.to] - Spartacus Blood and Sand S01E14 HDTV XviD-SYS.torrent
    [2008/07/10 15:25:05 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
    [2012/01/11 10:20:27 | 000,014,768 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eag4kc5fuawqy03w18yfr13
    [2012/01/11 10:20:27 | 000,014,768 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eag4kc5fuawqy03w18yfr13
    [2012/01/09 19:31:24 | 000,012,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
    [2012/01/09 19:31:24 | 000,012,672 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
    [2012/01/08 13:07:17 | 000,013,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj
    [2012/01/08 13:07:17 | 000,013,890 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj
    [2012/01/06 10:00:03 | 000,014,098 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
    [2012/01/06 10:00:03 | 000,014,098 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
    [2011/12/25 21:17:31 | 000,012,970 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\73pv3860r11boob22dqyv76u00q75h8t
    [2011/12/25 21:17:31 | 000,012,970 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\73pv3860r11boob22dqyv76u00q75h8t
    [2011/12/23 07:23:02 | 000,015,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\cpynbl4y1krm6osb1vih2w201v3e
    [2011/12/23 07:23:02 | 000,015,166 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cpynbl4y1krm6osb1vih2w201v3e
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B9593
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



:step2: Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

[Image: ComboFix prompt asking to install the Microsoft Windows Recovery Console]


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: ComboFix message confirming that the Microsoft Windows Recovery Console was installed]


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick ComboFix's window while it's running, because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
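
The fix script above targets a handful of indicator classes that recur in this kind of infection: URLSearchHook and BHO registrations whose CLSID no longer exists, Run entries and an AppInit_DLLs value that point at files no longer on disk, hidden/system-attribute files with random names dropped into Application Data, and alternate data streams hung off the TEMP folder. The Python script below is an added example (my code, not OTL's and not the helper's) that triages OTL-style log lines for those same classes so a defender can find them before anything is moved or deleted. The sample lines are constructed from entries quoted in this thread plus two benign lines that must not be flagged; the random-name heuristic (20 or more extension-less alphanumeric characters mixing letters and digits) is an assumption chosen for illustration, not an OTL rule.

```python
"""Triage OTL-style scan lines for the indicator classes the fix script
in this thread removes.  Added example, not OTL's own code; the sample
lines are constructed from entries quoted in the thread."""
import re
from collections import Counter

# Constructed sample: suspicious lines modelled on the thread plus two
# benign lines (ctfmon.exe autorun, readme.txt) that triage must ignore.
SAMPLE_LINES = r"""
SRV - File not found [Auto | Stopped] -- -- (npkcmsvc)
IE - HKU\S-1-5-21-839522115-1614895754-2147062339-500\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [kell] c:\program Files\Manson\liser.exe File not found
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\Manson\liser.dll) - File not found
[2012/01/11 10:20:27 | 000,014,768 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eag4kc5fuawqy03w18yfr13
[2012/01/09 19:31:24 | 000,012,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2011/06/01 08:00:00 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\readme.txt
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B9593
"""

# Line shapes as OTL prints them (regexes written for this example).
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SRV_MISSING = re.compile(r"^SRV - File not found .*\((?P<svc>[^()]+)\)$")
ORPHAN_HOOK = re.compile(r"^(?:IE - .*URLSearchHook:|O2 - BHO:).*No CLSID value found")
DEAD_AUTORUN = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?) File not found$")
APPINIT = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]*)\)")
FILE_ENTRY = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*\w\]\s*\([^)]*\)\s*--\s*(?P<path>.+)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def looks_random(name, min_len=20):
    """Heuristic (assumption): long, extension-less, alphanumeric names that
    mix letters and digits, like the droppings in Application Data above."""
    return (len(name) >= min_len and name.isalnum()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(report_text):
    """Return a list of (category, detail) findings, one per suspicious line."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SRV_MISSING.match(line):
            # Service registered but its binary is gone: leftover persistence.
            findings.append(("DEAD_SERVICE", m.group("svc")))
        elif ORPHAN_HOOK.match(line):
            # Browser hook / BHO whose CLSID no longer resolves.
            g = GUID.search(line)
            findings.append(("ORPHAN_HOOK", g.group(0) if g else line))
        elif m := DEAD_AUTORUN.match(line):
            # Run key pointing at a file that is no longer on disk.
            findings.append(("DEAD_AUTORUN", m.group("target")))
        elif (m := APPINIT.match(line)) and m.group("dll"):
            # AppInit_DLLs loads the named DLL into every GUI process.
            findings.append(("APPINIT_DLL", m.group("dll")))
        elif m := ADS.match(line):
            findings.append(("ADS", m.group("path")))
        elif m := FILE_ENTRY.match(line):
            attrs, path = m.group("attrs"), m.group("path")
            name = path.rsplit("\\", 1)[-1]
            if "H" in attrs and looks_random(name):
                findings.append(("HIDDEN_RANDOM_FILE", path))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(cat for cat, _ in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for cat, detail in hits:
        print(f"{cat:20} {detail}")
    print(dict(summarize(hits)))
```

Run as-is it lists the eight suspicious sample lines and leaves the ctfmon.exe autorun and readme.txt untouched; on a real OTL log you would pass the file's text to triage(). The heuristics only surface the lines a helper picks out by eye, so each hit still needs a human look before it goes into a fix script.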


#7 Mr Darkwater (Topic Starter)

  • Members
  • 70 posts
  • Gender:Male
  • Local time:11:44 AM

Posted 21 February 2012 - 04:47 PM

OTL:

========== OTL ==========
Service npkcmsvc stopped successfully!
Service npkcmsvc deleted successfully!
Registry value HKEY_USERS\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ not found.
Registry value HKEY_USERS\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKU\S-1-5-21-839522115-1614895754-2147062339-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\kell deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\kell not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\Manson\liser.dll deleted successfully.
C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs moved successfully.
C:\Documents and Settings\All Users\Application Data\eag4kc5fuawqy03w18yfr13 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\eag4kc5fuawqy03w18yfr13 moved successfully.
C:\Documents and Settings\All Users\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst moved successfully.
C:\Documents and Settings\All Users\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\vh2274ug1oyx06p58o312dq7k2n4tdoin474xoxa8x76pj moved successfully.
C:\Documents and Settings\All Users\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132 moved successfully.
C:\Documents and Settings\All Users\Application Data\73pv3860r11boob22dqyv76u00q75h8t moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\73pv3860r11boob22dqyv76u00q75h8t moved successfully.
C:\Documents and Settings\All Users\Application Data\cpynbl4y1krm6osb1vih2w201v3e moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\cpynbl4y1krm6osb1vih2w201v3e moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:036B9593 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1493A0EF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.33.1 log created on 02212012_113214

Now for ComboFix. It runs through the scan but stops, giving me a warning saying "Do Not in Compatibility Mode" and that doing so may damage the machine.

All windows were closed when I ran the scan.

:(

D

#8 sempai

Posted 22 February 2012 - 09:57 AM

Did Combofix give you the option to "Accept" or "Continue" when the error "Do Not run in Compatibility Mode" popped up?

~Semp



#9 Mr Darkwater

Posted 22 February 2012 - 10:17 PM

It was an "OK" button.

#10 sempai

Posted 23 February 2012 - 05:28 AM

Can you please confirm that the OS is Windows XP Professional Edition Service Pack 3?

~Semp



#11 sempai

Posted 28 February 2012 - 11:35 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

~Semp


#12 sempai

Posted 29 February 2012 - 06:59 AM

This topic has been re-opened at the request of the person who originally posted.

~Semp


#13 Mr Darkwater

Posted 29 February 2012 - 02:05 PM

Yes, it is Windows XP Professional Edition, Service Pack 3.

#14 sempai

Posted 29 February 2012 - 11:52 PM

OK thanks. Please delete your copy of Combofix and then download a new copy and run it again.

~Semp


#15 Mr Darkwater

Posted 03 March 2012 - 06:15 PM

What Combofix version should I be running, so I can make sure I am not running an older one?
