I have had problems with IE for about 3 weeks. It redirects me after each search and now it is to the point that it will not open. I ran a scan and and it found that I had Trojan: Win32\Alureon.CT and Virus:Win32\Alureon.H. I can use google chrome but my IE will not open at all. I have tried the combo fix but it also will not run as it says that AVG is installed. I have uninstalled AVG. so I don't understand this. I am to the point that I can barely use my pc. Any help would be very appreciated.

Here is my malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5199

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/27/2010 11:39:31 AM
mbam-log-2010-11-27 (11-39-31).txt

Scan type: Quick scan
Objects scanned: 140982
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4c350b19-6ca1-4569-b14c-296d8d6535b2} (Adware.Jookz) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4c350b19-6ca1-4569-b14c-296d8d6535b2} (Adware.Jookz) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4c350b19-6ca1-4569-b14c-296d8d6535b2} (Adware.Jookz) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:

• Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:
  
  Reply to this topic with the word BUMP.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

I have sent logs to microsoft, but have not done anything with them and wont. I also have downloaded and ran scans with pc tools spyware doctor but will not use it now after getting an answer from you. I am also unable to update anything and my anti-spyware and firewalls get turned off right after I turn them back on, so I am really unprotected. Also my Avast keeps poping up every minute or so saying it has stopped a harmful site
C:\\Windows\System32\svchost.exe
I am not sure what this is.
Anyway thanks for all your help on this.

Here is the log.

2010/11/28 07:19:00.0390 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/28 07:19:00.0390 ================================================================================
2010/11/28 07:19:00.0391 SystemInfo:
2010/11/28 07:19:00.0391
2010/11/28 07:19:00.0391 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/28 07:19:00.0391 Product type: Workstation
2010/11/28 07:19:00.0392 ComputerName: GYPSY-PC
2010/11/28 07:19:00.0399 UserName: Gypsy
2010/11/28 07:19:00.0399 Windows directory: C:\Windows
2010/11/28 07:19:00.0399 System windows directory: C:\Windows
2010/11/28 07:19:00.0400 Processor architecture: Intel x86
2010/11/28 07:19:00.0400 Number of processors: 2
2010/11/28 07:19:00.0400 Page size: 0x1000
2010/11/28 07:19:00.0400 Boot type: Normal boot
2010/11/28 07:19:00.0400 ================================================================================
2010/11/28 07:19:01.0563 Initialize success
2010/11/28 07:19:06.0890 ================================================================================
2010/11/28 07:19:06.0891 Scan started
2010/11/28 07:19:06.0891 Mode: Manual;
2010/11/28 07:19:06.0891 ================================================================================
2010/11/28 07:19:08.0706 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/28 07:19:08.0763 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/28 07:19:08.0809 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/28 07:19:08.0862 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/28 07:19:08.0925 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/28 07:19:08.0970 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/28 07:19:09.0040 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/11/28 07:19:09.0083 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/28 07:19:09.0121 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/11/28 07:19:09.0166 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/28 07:19:09.0205 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/11/28 07:19:09.0227 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/28 07:19:09.0273 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/28 07:19:09.0297 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/28 07:19:09.0335 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/28 07:19:09.0372 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/28 07:19:09.0411 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/28 07:19:09.0461 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/11/28 07:19:09.0670 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/11/28 07:19:09.0729 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/28 07:19:09.0801 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/11/28 07:19:09.0883 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/11/28 07:19:09.0932 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/11/28 07:19:09.0988 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/11/28 07:19:10.0028 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/11/28 07:19:10.0076 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/28 07:19:10.0113 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/28 07:19:10.0323 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2010/11/28 07:19:10.0365 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2010/11/28 07:19:10.0409 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2010/11/28 07:19:10.0464 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/11/28 07:19:10.0516 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/28 07:19:10.0611 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/11/28 07:19:10.0718 BDFM (8d4efc5c378bffe34c298c92f37d3b14) C:\Windows\system32\DRIVERS\bdfm.sys
2010/11/28 07:19:10.0966 bdfsfltr (4c44d82e372a87b3cb439a7f14cfef03) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2010/11/28 07:19:11.0237 bdselfpr (0dc43ebf2a3b0ce455c02bdb70097e35) C:\Users\Gypsy\AppData\Local\Temp\RarSFX0\bdselfpr.sys
2010/11/28 07:19:11.0245 Suspicious file (Forged): C:\Users\Gypsy\AppData\Local\Temp\RarSFX0\bdselfpr.sys. Real md5: 0dc43ebf2a3b0ce455c02bdb70097e35, Fake md5: d7277471a99f7f5ac302494acaf6c65c
2010/11/28 07:19:11.0274 bdselfpr - detected Forged file (1)
2010/11/28 07:19:11.0320 Bdvedisk (375cd0b9f433465ec6f50d4df44e9448) C:\Windows\system32\DRIVERS\bdvedisk.sys
2010/11/28 07:19:11.0368 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/11/28 07:19:11.0422 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/28 07:19:11.0458 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/28 07:19:11.0496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/28 07:19:11.0536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/28 07:19:11.0600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/11/28 07:19:11.0649 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/28 07:19:11.0684 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/28 07:19:11.0715 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/28 07:19:11.0762 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/28 07:19:11.0818 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/28 07:19:11.0861 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/28 07:19:11.0903 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/28 07:19:11.0968 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/11/28 07:19:12.0016 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/28 07:19:12.0053 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/28 07:19:12.0094 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/11/28 07:19:12.0137 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/28 07:19:12.0173 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/28 07:19:12.0224 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/28 07:19:12.0303 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/11/28 07:19:12.0387 DbusAudio (ff6e54b49607cc0f37d675b763735570) C:\Windows\system32\drivers\DbusAudio.sys
2010/11/28 07:19:12.0453 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/11/28 07:19:12.0510 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/11/28 07:19:12.0576 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/11/28 07:19:12.0656 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/11/28 07:19:12.0734 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/28 07:19:12.0906 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/11/28 07:19:13.0145 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/28 07:19:13.0204 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/28 07:19:13.0270 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/11/28 07:19:13.0303 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/11/28 07:19:13.0346 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/28 07:19:13.0399 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/11/28 07:19:13.0435 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/11/28 07:19:13.0469 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/28 07:19:13.0529 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/11/28 07:19:13.0581 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/11/28 07:19:13.0632 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/11/28 07:19:13.0683 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/28 07:19:13.0749 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/28 07:19:13.0800 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/28 07:19:13.0880 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\Windows\system32\DRIVERS\cpqbttn.sys
2010/11/28 07:19:13.0926 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/28 07:19:13.0982 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/11/28 07:19:14.0025 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/28 07:19:14.0062 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/28 07:19:14.0094 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/28 07:19:14.0129 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/28 07:19:14.0174 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/28 07:19:14.0259 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/11/28 07:19:14.0302 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/28 07:19:14.0348 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/11/28 07:19:14.0394 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/28 07:19:14.0431 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/28 07:19:14.0478 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/28 07:19:14.0522 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/28 07:19:14.0598 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/28 07:19:14.0629 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/28 07:19:14.0797 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/28 07:19:14.0902 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/28 07:19:14.0945 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/11/28 07:19:14.0991 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/11/28 07:19:15.0028 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/28 07:19:15.0066 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/28 07:19:15.0110 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/28 07:19:15.0146 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/28 07:19:15.0197 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/28 07:19:15.0258 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/28 07:19:15.0328 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/28 07:19:15.0397 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/28 07:19:15.0428 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/28 07:19:15.0480 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/28 07:19:15.0512 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/28 07:19:15.0550 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/11/28 07:19:15.0596 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/28 07:19:15.0640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/28 07:19:15.0698 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/11/28 07:19:15.0741 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/28 07:19:15.0766 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/28 07:19:15.0800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/28 07:19:15.0837 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/11/28 07:19:15.0874 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/28 07:19:15.0916 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/28 07:19:15.0966 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/11/28 07:19:16.0029 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/28 07:19:16.0065 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/28 07:19:16.0119 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/28 07:19:16.0153 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/28 07:19:16.0199 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/28 07:19:16.0260 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/11/28 07:19:16.0292 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/28 07:19:16.0322 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/28 07:19:16.0368 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/28 07:19:16.0406 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/28 07:19:16.0442 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/11/28 07:19:16.0479 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/11/28 07:19:16.0527 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/28 07:19:16.0551 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/11/28 07:19:16.0578 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/28 07:19:16.0616 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/11/28 07:19:16.0662 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/28 07:19:16.0724 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/11/28 07:19:16.0776 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/28 07:19:16.0807 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/28 07:19:16.0838 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/28 07:19:16.0901 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/28 07:19:16.0929 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/11/28 07:19:16.0973 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/28 07:19:17.0011 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/28 07:19:17.0083 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/28 07:19:17.0142 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/11/28 07:19:17.0181 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/28 07:19:17.0258 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/11/28 07:19:17.0350 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/11/28 07:19:17.0689 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/28 07:19:17.0983 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/28 07:19:18.0020 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/28 07:19:18.0064 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/28 07:19:18.0108 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/28 07:19:18.0173 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/11/28 07:19:18.0213 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/11/28 07:19:18.0253 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/28 07:19:18.0294 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/11/28 07:19:18.0323 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/28 07:19:18.0366 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/28 07:19:18.0449 PCTCore (8f93fb300deac55c553c2255f1d0342d) C:\Windows\system32\drivers\PCTCore.sys
2010/11/28 07:19:18.0562 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2010/11/28 07:19:18.0644 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2010/11/28 07:19:18.0713 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/11/28 07:19:18.0775 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/11/28 07:19:18.0971 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/28 07:19:19.0012 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/11/28 07:19:19.0066 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/28 07:19:19.0145 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/28 07:19:19.0219 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/28 07:19:19.0273 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/28 07:19:19.0312 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/28 07:19:19.0352 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/28 07:19:19.0392 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/28 07:19:19.0438 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/28 07:19:19.0471 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/28 07:19:19.0515 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/28 07:19:19.0547 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/28 07:19:19.0581 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/28 07:19:19.0642 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/11/28 07:19:19.0674 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/28 07:19:19.0713 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/28 07:19:19.0755 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/11/28 07:19:19.0795 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/11/28 07:19:19.0878 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/11/28 07:19:20.0015 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/11/28 07:19:20.0192 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/11/28 07:19:20.0264 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/28 07:19:20.0311 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/11/28 07:19:20.0356 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/28 07:19:20.0400 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/28 07:19:20.0475 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/28 07:19:20.0543 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/28 07:19:20.0603 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/28 07:19:20.0641 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/11/28 07:19:20.0666 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/28 07:19:20.0738 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/28 07:19:20.0773 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/28 07:19:20.0808 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/28 07:19:20.0842 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/28 07:19:20.0904 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/11/28 07:19:20.0933 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/28 07:19:20.0967 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/28 07:19:21.0003 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/11/28 07:19:21.0058 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/11/28 07:19:21.0149 srv (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/11/28 07:19:21.0226 srv2 (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/28 07:19:21.0316 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/28 07:19:21.0420 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/28 07:19:21.0542 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/11/28 07:19:21.0618 srvnet (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/28 07:19:21.0670 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2010/11/28 07:19:21.0722 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2010/11/28 07:19:21.0776 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
2010/11/28 07:19:21.0836 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
2010/11/28 07:19:21.0901 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/28 07:19:21.0968 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/11/28 07:19:22.0009 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/11/28 07:19:22.0050 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/28 07:19:22.0208 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/11/28 07:19:22.0311 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/28 07:19:22.0357 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/28 07:19:22.0397 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/11/28 07:19:22.0424 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/11/28 07:19:22.0463 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/28 07:19:22.0489 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/28 07:19:22.0605 Trufos (21d940160c67ade7448dad6c1d504a62) C:\Windows\system32\DRIVERS\Trufos.sys
2010/11/28 07:19:22.0667 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/28 07:19:22.0703 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/28 07:19:22.0745 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/28 07:19:22.0788 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/28 07:19:22.0860 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/28 07:19:22.0932 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/28 07:19:22.0986 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/28 07:19:23.0064 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/28 07:19:23.0104 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/28 07:19:23.0151 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/28 07:19:23.0190 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/28 07:19:23.0223 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/28 07:19:23.0260 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/28 07:19:23.0301 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/28 07:19:23.0360 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/28 07:19:23.0395 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/28 07:19:23.0444 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2010/11/28 07:19:23.0491 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/28 07:19:23.0533 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/28 07:19:23.0588 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/11/28 07:19:23.0625 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/28 07:19:23.0662 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/11/28 07:19:23.0698 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/11/28 07:19:23.0737 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/28 07:19:23.0786 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/11/28 07:19:23.0832 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/11/28 07:19:23.0867 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/28 07:19:23.0927 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/11/28 07:19:24.0013 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/28 07:19:24.0095 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/28 07:19:24.0161 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/28 07:19:24.0195 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/28 07:19:24.0263 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/28 07:19:24.0317 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/28 07:19:24.0342 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/28 07:19:24.0429 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/11/28 07:19:24.0484 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/28 07:19:24.0591 WfpLwf (6f93a7fdae59366220b591c4464283d1) C:\Windows\system32\DRIVERS\WFPLWF.SYS
2010/11/28 07:19:24.0592 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WFPLWF.SYS. Real md5: 6f93a7fdae59366220b591c4464283d1, Fake md5: 8b9a943f3b53861f2bfaf6c186168f79
2010/11/28 07:19:24.0601 WfpLwf - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/28 07:19:24.0631 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/11/28 07:19:24.0738 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/11/28 07:19:24.0798 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/28 07:19:24.0869 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/28 07:19:24.0935 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/11/28 07:19:24.0975 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/28 07:19:25.0079 ================================================================================
2010/11/28 07:19:25.0079 Scan finished
2010/11/28 07:19:25.0079 ================================================================================
2010/11/28 07:19:25.0102 Detected object count: 2
2010/11/28 07:20:21.0366 Forged file(bdselfpr) - User select action: Skip
2010/11/28 07:20:21.0436 WfpLwf (6f93a7fdae59366220b591c4464283d1) C:\Windows\system32\DRIVERS\WFPLWF.SYS
2010/11/28 07:20:21.0438 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WFPLWF.SYS. Real md5: 6f93a7fdae59366220b591c4464283d1, Fake md5: 8b9a943f3b53861f2bfaf6c186168f79
2010/11/28 07:20:21.0633 Backup copy found, using it..
2010/11/28 07:20:21.0724 C:\Windows\system32\DRIVERS\WFPLWF.SYS - will be cured after reboot
2010/11/28 07:20:21.0724 Rootkit.Win32.TDSS.tdl3(WfpLwf) - User select action: Cure

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

• Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  
• Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  
• Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  
• It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  
• Once inside the interface, do not fix anything. Click on the Report tab.
  
• Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  
• It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  
• When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

I am either unable to do this or am not understanding the instructions to "Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"

When I right-click a tab pops up and I can scan it using differnt scans,share it, send it copy, past it, all that stuff, then if I mouse over to 7zip nothing happens, there is no extract option.

Do you mean to drag and drop the RKU to the 7-Zip? Sorry but not clear on what to do here? Thanks

nevermind my last post I got it. Sorry about that. will post after completing your tasks.

ok

Here is the report part 1:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x82D21E61-->88875A96 [C:\Windows\system32\drivers\PCTCore.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x82D21EAC-->88875D5E [C:\Windows\system32\drivers\PCTCore.sys]
ntkrnlpa.exe-->NtCreateUserProcess, Type: Address change 0x82C9CE6C-->8887605A [C:\Windows\system32\drivers\PCTCore.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x82CA8BCD-->88875506 [C:\Windows\system32\drivers\PCTCore.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x862C3CC0 [368] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x876FF4F0 [440] C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools, PC Tools Security Service)
0x867AA030 [476] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x876DA5E0 [484] C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools, PC Tools Auxiliary Service)
0x86202D40 [536] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x86ABC4D0 [548] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86B2CD40 [600] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x86B31D40 [616] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x86B4B8F8 [632] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x86B48B18 [640] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x86D106B8 [784] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x862423D8 [872] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 179.67)
0x87724030 [888] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
0x86D9F360 [908] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86E22D40 [972] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8570B7E0 [1008] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0x86EC0B18 [1048] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85267240 [1132] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc., Adobe® Flash® Player Installer/Uninstaller 10.1 r82)
0x8716ED40 [1256] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8718AD40 [1304] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x877BA5B0 [1420] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp., Microsoft® Windows Live ID Service)
0x84F7AD40 [1464] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x871CDB18 [1504] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x871EFD40 [1608] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x8773CD40 [1844] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0xAEBC4D40 [1856] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8781A498 [1872] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x879FED40 [1952] C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd., Browser Defender Update Service)
0x854B7990 [2060] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0x855BE030 [2068] C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (-, HpqToaster Module)
0x87905450 [2076] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp., Microsoft® Windows Live ID Service Monitor)
0x878FD030 [2408] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x8624D608 [2488] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0xCDC711B8 [2500] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0x87CE88F8 [2548] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x879A19F8 [2672] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
0x87B9C030 [3052] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard, HP Wireless Assistant Main Program)
0x877A28F0 [3060] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P., Quick Launch Buttons)
0x87B2B030 [3084] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x87B8EB18 [3092] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x87C08840 [3168] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x850FFA58 [3268] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB1142578 [3308] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0x87BA6A70 [3408] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools, PC Tools GUI Application)
0x85FCFA68 [3416] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd., FakeGuard Module)
0x853308F8 [4028] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P., Com for QLB application)
0x85A8FD40 [4068] C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe (Microsoft Corp., Bing Bar)
0x86BD83B8 [4324] C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc., Google Toolbar Broker)
0x880F6030 [4528] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8545B840 [4672] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0xD321C968 [5148] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0xA4EC3310 [5388] C:\Windows\System32\MustBeRandomlyNamed\qwfgNuW21nsk.exe (UG North, RKULE, SR2 Normandy)
0xDD2E7D40 [5608] C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE (Microsoft Corporation, Microsoft Office Outlook)
0x87A7D830 [5656] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0xB02311E8 [5812] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x879A1368 [5916] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x87F57030 [5988] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x86F1F700 [6128] C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation, Microsoft Search Client Server)
0x84DCABF8 [4] System
0x9193C748 [2648] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8FC3A000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7548928 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 179.67 )
0x82A47000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82A47000 PnpManager 4259840 bytes
0x82A47000 RAW 4259840 bytes
0x82A47000 WMIxWDM 4259840 bytes
0x93540000 Win32k 2400256 bytes
0x93540000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88E07000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x88A23000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8F65D000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1146880 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x9064D000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x90416000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88C16000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8F80C000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8348F000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x888FC000 C:\Windows\system32\drivers\pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0x99D62000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x99C21000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8353A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8EB5F000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88B90000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8EA37000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x888A5000 C:\Windows\system32\drivers\pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0x8F60B000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x9A882000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8F77F000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x88819000 C:\Windows\system32\DRIVERS\bdfsfltr.sys 323584 bytes (BitDefender, BitDefender AntiVirus FS filter driver)
0x9A833000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93400000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8EEE2000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83723000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8362D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8F982000 C:\Windows\system32\DRIVERS\Trufos.sys 294912 bytes (BitDefender S.R.L., Trufos Kernel Module)
0x9074F000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x903A1000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8344D000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EAFE000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88F8A000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x88CCD000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x88868000 C:\Windows\system32\drivers\PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0x90610000 C:\Windows\system32\DRIVERS\VSTAZL3.SYS 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x99CF4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x835B9000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x904CD000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82A10000 ACPI_HAL 225280 bytes
0x8F948000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x82A10000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8EE20000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8367E000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9036D000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88D48000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x889CD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x88F50000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8FC00000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88FD1000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8EF5B000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x88B52000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x836BA000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8EE54000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x88D8B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x88D0B000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8F8E7000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x837A2000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x99CD1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9057F000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x907B8000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8EE7B000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88DB0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8EF3C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8EA9D000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x937D0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F92D000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x99D2F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F9CA000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x99CA6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F7CF000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8EF87000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8EBC3000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90506000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9055C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x905A1000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x905B9000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x905D0000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x889A1000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8F8CE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x83783000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8EBE9000 C:\Windows\system32\DRIVERS\bdvedisk.sys 81920 bytes (BitDefender, FileVault Disk Driver)
0x8EFB1000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8EEB5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88B7D000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x907A5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EADB000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9054A000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8EE9C000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9A98C000 C:\Windows\system32\drivers\klmd.sys 73728 bytes
0x99CBF000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x88D7A000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x837CE000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x903E5000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x836EF000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83434000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8EFA0000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8EABC000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8F9E4000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88D30000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x90795000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8EAEE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83713000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8EF2D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8EBDB000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8EACD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88A14000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83775000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88BED000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x90400000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x835AB000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9053D000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9A94F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90523000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8F8C1000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x90530000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99C0A000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88DEF000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8EB53000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x905F3000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x88DE3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83708000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x83429000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x9A981000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x88A09000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x90574000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x889B8000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x836E4000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x889C3000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x8F918000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EB49000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8EB3F000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x905E7000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x99C00000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8EED8000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8F775000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x837C5000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9A946000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x83799000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x88A00000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A99E000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9A8D3000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes (PC Tools, UM Injection Driver)
0x937A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88F81000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8EECF000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x83675000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83445000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83700000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x88D40000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x836B2000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88C00000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88C08000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x88DD1000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x88FC9000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88DDC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EEC8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88E00000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8376E000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8EA96000 C:\Windows\SYSTEM32\DRIVERS\WFPLWF.SYS 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8EA00000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8EA91000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9051E000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x8EEAE000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8F97F000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8EEB2000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0x905F1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F8E5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x860F1AEA ?_empty_? 1302 bytes
0x860F1EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x8616C490 ?_empty_? 0 bytes
==============================================

part 2:

>Stealth
==============================================
0x83799000 WARNING: suspicious driver modification [atapi.sys::0x860F1AEA]
0x66550000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 1196032 bytes
0x66550000 Hidden Image-->System.Runtime.Serialization.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 1196032 bytes
0x66520000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 143360 bytes
0x66520000 Hidden Image-->System.ServiceModel.Web.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 143360 bytes
0x66090000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 2375680 bytes
0x66090000 Hidden Image-->System.Core.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 2375680 bytes
0x00EB0000 Hidden Image-->Interop.HPQWMIEXLib.dll [ EPROCESS 0x87B9C030 ] PID: 3052, 28672 bytes
0x00FA0000 Hidden Image-->Interop.HPQTOASTERLib.dll [ EPROCESS 0x87B9C030 ] PID: 3052, 28672 bytes
0x8EA96000 WARNING: Virus alike driver modification [WFPLWF.SYS], 28672 bytes
0x00A50000 Hidden Image-->HPWAMain.resources.dll [ EPROCESS 0x87B9C030 ] PID: 3052, 36864 bytes
0x68600000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 380928 bytes
0x68600000 Hidden Image-->System.Windows.Browser.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 380928 bytes
0x66680000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 4476928 bytes
0x66680000 Hidden Image-->System.Windows.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 4476928 bytes
0x9A906F2E Unknown thread object [ ETHREAD 0x85904020 ] , 600 bytes
0x67000000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 6197248 bytes
0x67000000 Hidden Image-->mscorlib.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 6197248 bytes
0x662E0000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 659456 bytes
0x662E0000 Hidden Image-->System.Net.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 659456 bytes
0x66C10000 Hidden Image-->System.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 671744 bytes
0x66C10000 Hidden Image-->System.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 671744 bytes
0x65FC0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x85A8FD40 ] PID: 4068, 847872 bytes
0x65FC0000 Hidden Image-->System.Xml.ni.dll [ EPROCESS 0x87F57030 ] PID: 5988, 847872 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat::$DATA
!-->[Hidden] C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_svchost.exe_def2ddcebc21279351a5983e1239f72ebd1abc7_1341075c\Report.wer
!-->[Hidden] C:\ProgramData\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1KKICUN7\rssCAP1BFWM
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\216YWIJR\rssCAQ0SMI7
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARX3PAVM\QuoteRequestCAQFQQAN.txt
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q586RQXI\QuoteRequestCA3BEAIV.txt
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q586RQXI\rssCA07HVYQ
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2Z9LS7WO\ppEY[2].txt
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5WL4I0HZ\18747993[1].rss
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\Low\415303181942878824.tmp
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DF057A41767851A83E.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DF2BA19FB07840639F.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DF35891B96A58D509D.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DF8EC5A66E3A0AE9F7.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DFC3258C05808A39B9.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DFDEAC9CA4825F9E8B.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DFF6228E962D63618A.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\AppData\Local\Temp\~DFFDF634C016B4B058.TMP::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow+cleanup_12_07.atn::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow+cleanup_12_07.atn:Zone.Identifier:$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\._mw_dreamy_glow_11_06::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\._mw_dreamy_glow_11_06:Zone.Identifier:$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._.DS_Store::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._.DS_Store:Zone.Identifier:$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._mw_dreamy_glow+cleanup_12_07.atn::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._mw_dreamy_glow+cleanup_12_07.atn:Zone.Identifier:$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._Read_me_Loading_Actions.rtf::$DATA
!-->[Hidden] C:\Users\Gypsy\Pictures\actions\mw_dreamy_glow_11_06\__MACOSX\mw_dreamy_glow_11_06\._Read_me_Loading_Actions.rtf:Zone.Identifier:$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LNM6IFB\goodnews;site=thegrio;sect=goodnews;!c=goodnews;pageid=383;tandomad=none;pm=1;dcopt=ist;pos=1;tile=1;sz=728x90,970x66;ord=767579324883[1]1]
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [klmd.sys]
ntkrnlpa.exe+0x00222CF3, Type: Inline - RelativeJump 0x82C69CF3-->8EE67012 [aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump 0x82C77D63-->8EE699D6 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x82C4FFBF-->8EE655D4 [aswSP.SYS]
[1008]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1008]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[1008]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[1008]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[1008]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[1132]FlashUtil10i_ActiveX.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[1132]FlashUtil10i_ActiveX.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[1132]FlashUtil10i_ActiveX.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[1132]FlashUtil10i_ActiveX.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[1304]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1304]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[1304]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[1304]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[1608]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x763F3162-->00000000 [unknown_code_page]
[1952]BDTUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x0042C04C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C6178C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C617F0-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C61848-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C61844-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x0042C07C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x0042C084-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0042C078-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0042C070-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61154-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B611E0-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B6118C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[1952]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x0042C1B4-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x0042C1D0-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x0042C16C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x0042C254-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0042C130-->00000000 [apphelp.dll]
[1952]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x738022C4-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x73802240-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x73802298-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D11524-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[1952]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D114B4-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D11444-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->RegSetValueExW, Type: IAT modification 0x77D114AC-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x71201284-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x712011D0-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueA, Type: IAT modification 0x71201244-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x712011D8-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x7120128C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x71201268-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x71201288-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x712011DC-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CopyFileA, Type: IAT modification 0x712012DC-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x712014CC-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x712014D0-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->DeleteFileA, Type: IAT modification 0x712014F4-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x71201448-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileA, Type: IAT modification 0x71201318-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileExA, Type: IAT modification 0x71201444-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x71201310-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x71201314-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesA, Type: IAT modification 0x7120132C-->00000000 [AcGenral.dll]
[1952]BDTUpdateService.exe-->wininet.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x71201400-->00000000 [AcGenral.dll]
[2060]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[2060]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[2060]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[2060]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[2060]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[2068]HpqToaster.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[2068]HpqToaster.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[2068]HpqToaster.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[2068]HpqToaster.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[2408]taskhost.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[2408]taskhost.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[2408]taskhost.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[2408]taskhost.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[2500]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[2500]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[2500]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[2500]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[2500]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[3052]HPWAMain.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[3052]HPWAMain.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[3052]HPWAMain.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[3052]HPWAMain.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[3060]QLBCTRL.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[3060]QLBCTRL.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[3060]QLBCTRL.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[3060]QLBCTRL.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[3084]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[3084]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[3084]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[3084]rundll32.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[3084]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[3084]rundll32.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[3084]rundll32.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[3084]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[3092]realsched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[3092]realsched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[3092]realsched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[3092]realsched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[3308]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[3308]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[3308]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[3308]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[3308]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[3408]pctsGui.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x004C0E70-->00000000 [pctsGui.exe]
[3408]pctsGui.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x738021C8-->00000000 [pctsGui.exe]
[3408]pctsGui.exe-->user32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77D113B0-->00000000 [pctsGui.exe]
[3408]pctsGui.exe-->wininet.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71201360-->00000000 [pctsGui.exe]
[3416]FGuard.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[3416]FGuard.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[3416]FGuard.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[3416]FGuard.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[4068]mswinext.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[4068]mswinext.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[4068]mswinext.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[4068]mswinext.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[4324]GoogleToolbarUser_32.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[4324]GoogleToolbarUser_32.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[4324]GoogleToolbarUser_32.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[4324]GoogleToolbarUser_32.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]
[440]pctsSvc.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x004E7FD4-->00000000 [pctsSvc.exe]
[440]pctsSvc.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x738021C8-->00000000 [pctsSvc.exe]
[440]pctsSvc.exe-->user32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77D113B0-->00000000 [pctsSvc.exe]
[440]pctsSvc.exe-->wininet.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71201360-->00000000 [pctsSvc.exe]
[4672]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[4672]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[4672]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[4672]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[4672]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[5148]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x766ECC8F-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x76709110-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x767108AD-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x76703E79-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x766E9BFF-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x766F0E51-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7672D29C-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76714AA7-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7672CF6A-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7671564A-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x766EA72E-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7671555C-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x766EC09A-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x766F4FDA-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x7670407A-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x766F6F06-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7673EC9B-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7673EA29-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7673EA4D-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7673E8C9-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7673E9C3-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x76717055-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x7672C1D8-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x76716B52-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x766F210A-->00000000 [ieframe.dll]
[5148]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x766ECC7B-->00000000 [ieframe.dll]
[5380]svchost.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x757B2BBC-->00000000 [unknown_code_page]
[5380]svchost.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x757B44B1-->00000000 [unknown_code_page]
[5380]svchost.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x757B46B7-->00000000 [unknown_code_page]
[5380]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C66448-->00000000 [unknown_code_page]
[5380]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C65380-->00000000 [unknown_code_page]
[5380]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C65F00-->00000000 [unknown_code_page]
[5608]OUTLOOK.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[5608]OUTLOOK.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[5608]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x763F3162-->00000000 [MSO.DLL]
[5608]OUTLOOK.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[5608]OUTLOOK.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[5656]explorer.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x757B2BBC-->00000000 [unknown_code_page]
[5656]explorer.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x757B44B1-->00000000 [unknown_code_page]
[5656]explorer.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x757B46B7-->00000000 [unknown_code_page]
[5656]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C66448-->00000000 [unknown_code_page]
[5656]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C65380-->00000000 [unknown_code_page]
[5656]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C65F00-->00000000 [unknown_code_page]
[5812]iexplore.exe-->advapi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77C617C0-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->advapi32.dll-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x77C617C8-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->advapi32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77C61868-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->advapi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77C6183C-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77B611D8-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61154-->00000000 [IEShims.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B611E0-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B6118C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x77B611B4-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B61144-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61138-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B611A0-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B61198-->00000000 [IEShims.dll]
[5812]iexplore.exe-->gdi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77B611DC-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x757B2BBC-->00000000 [unknown_code_page]
[5812]iexplore.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x757B44B1-->00000000 [unknown_code_page]
[5812]iexplore.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x757B46B7-->00000000 [unknown_code_page]
[5812]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C66448-->00000000 [unknown_code_page]
[5812]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C65380-->00000000 [unknown_code_page]
[5812]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C65F00-->00000000 [unknown_code_page]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x738022C4-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x738021D8-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x738022BC-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x73802254-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x73802220-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x738022DC-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x7380224C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x7380225C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x738021BC-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x73802248-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x73802240-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x73802298-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x73802294-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x73802218-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x73802214-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x73801B64-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->CreateDialogParamW, Type: IAT modification 0x73801F54-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x73801E04-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x73801C8C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x73801F58-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x7380202C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x73801E44-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x766ECC8F-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x76709110-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x767108AD-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x76703E79-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x766E9BFF-->00000000 [ConduitEngine.dll]
[5812]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x766F0E51-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7672D29C-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76714AA7-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7672CF6A-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7671564A-->00000000 [ConduitEngine.dll]
[5812]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x766EA72E-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7671555C-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x766EC09A-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x766F4FDA-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x7670407A-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x766F6F06-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77D113D4-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D11524-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D113E4-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D11414-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D1141C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D11418-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x77D114DC-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D114A8-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77D11490-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D11398-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D114E4-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77D113D8-->00000000 [PCTBDCore.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D11390-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D11408-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D1152C-->00000000 [IEShims.dll]
[5812]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7673EC9B-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7673EA29-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7673EA4D-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7673E8C9-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7673E9C3-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x76717055-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x7672C1D8-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x76716B52-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x766F210A-->00000000 [ieframe.dll]
[5812]iexplore.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x76714B3B-->00000000 [ConduitEngine.dll]
[5812]iexplore.exe-->user32.dll-->TrackPopupMenuEx, Type: Inline - RelativeJump 0x76715F72-->00000000 [ConduitEngine.dll]
[5812]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x766ECC7B-->00000000 [ieframe.dll]
[5916]iexplore.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x757B2BBC-->00000000 [unknown_code_page]
[5916]iexplore.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x757B44B1-->00000000 [unknown_code_page]
[5916]iexplore.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x757B46B7-->00000000 [unknown_code_page]
[5916]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C66448-->00000000 [unknown_code_page]
[5916]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C65380-->00000000 [unknown_code_page]
[5916]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C65F00-->00000000 [unknown_code_page]
[5916]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x766E9BFF-->00000000 [tbSwa0.dll]
[5916]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x766F0E51-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7672D29C-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76714AA7-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7672CF6A-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7671564A-->00000000 [tbSwa0.dll]
[5916]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7673EA29-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7673EA4D-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7673E8C9-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7673E9C3-->00000000 [ieframe.dll]
[5916]iexplore.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x76714B3B-->00000000 [tbSwa0.dll]
[5916]iexplore.exe-->user32.dll-->TrackPopupMenuEx, Type: Inline - RelativeJump 0x76715F72-->00000000 [tbSwa0.dll]
[6128]SCServer.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x767081B7-->00000000 [unknown_code_page]
[6128]SCServer.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7672FA61-->00000000 [unknown_code_page]
[6128]SCServer.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x766ED3AE-->00000000 [unknown_code_page]
[6128]SCServer.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x766F3581-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

Looks like you had a double Alureon infection there, so we will get rid of the remaining.

Not sure why TDSSKiller did not catch the other driver, but we will rid the other.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (dir /oe /a /s "C:\atapi.*") >log.txt&log.txt

Wait until a text file (log.txt) will be open. Please post its content to your reply.

When I follow your directions it opens a black box for a split second then goes away.
If I go to the open the file location and then double click on cmd folder it goes to a black box that says:

Microsoft Windows [Version 6.1.7600]
Copyright 2009 Microsoft Corporation. All rights reserved.

C:\Windows\System32>

Not sure if this is what you are wanting? There is nothing else in the box.

Try this:

dir /oe /a /s "C:\atapi.*" >log.txt && log.txt

No, it says windows cannot find file...

Try this in the Command Processor:

dir /s c:\atapi.* > log.txt && log.txt