no access to secure sites or sending emails


lite_fingers (Thread Starter, joined Dec 30, 2012, 11 messages)

I have had the computer for 5 years; only now have the following problems developed:

1) I cannot access secure web sites, including the Windows Update site. I have tried with both Firefox and IE 8. In both cases the message is "waiting for securesite.com" and the loading fails due to timing out.

I have no problem accessing unsecured sites.

2) At the same time, my email server Thunderbird can only receive email but cannot send. When attempting to send emails, the message is "connection to SMTP server timed out".

I have tried the recommended fixes with no success:

a) cleared SSL
b) checked clock
c) re-registered dll's
d) reset IE to defaults
e) changed ports
f) turned off firewall
g) changed wireless to Proset from Windows and back
h) did straight wired connection to router for internet
i) did a system restore to a time I was still getting and sending emails

I tried to preview the post and it failed. Tried to post and it failed; had to borrow a computer to submit.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, x86 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2045 Mb
Graphics Card: ATI Mobility Radeon X1400, 512 Mb
Hard Drives: C: Total - 110791 MB, Free - 23400 MB;
Motherboard: Intel Corporation, MPAD-MSAE Customer Reference Boards
Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled
 

dvk01 (Derek; Retired Moderator, Retired Malware Specialist; joined Dec 14, 2002; 56,452 messages)

I am not sure if this is malware related, but let's see what this shows us.
Follow the advice here and post the logs those programs make.
 

lite_fingers (Thread Starter)

As requested


dds scan

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by H at 10:45:37 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.820 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Documents and Settings\H\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ThpSrv] thpsrv /logon
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [TPSMain] TPSMain.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\h\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356329830531
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1F504DE1-472F-40A1-950C-072851D7A0F7} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - psqlpwd.dll
SSODL: sysaplapp - <orphaned>
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-16 11:30; [email protected]_easiestyoutube; c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\extensions\[email protected]_easiestyoutube.xpi
FF - ExtSQL: !HIDDEN! 2009-10-12 08:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-8-22 329704]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2009-8-22 119784]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-8-22 340456]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-5-30 6144]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-26 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 361032]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-8-22 479720]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-8-22 787432]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-18 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 44808]
R2 BackupService;BackupService;c:\documents and settings\h\application data\hp simplesave application\uUACTokenSvc.exe [2011-5-1 83512]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-18 126976]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-18 35968]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-8-22 385512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b92f7886483c;Google Update Service (gupdate1c9b92f7886483c);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-19 1684736]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-8-22 378344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-17 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: QPW.EXE: open="c:\corel\suite8\programs\QPW.EXE"
ShellExec: QPW.EXE: print="c:\corel\suite8\programs\QPW.EXE"
.
=============== Created Last 30 ================
.
2012-12-29 01:25:23 87552 ----a-w- c:\windows\system32\iecont.dll
2012-12-24 04:31:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-12-24 04:31:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-12-24 04:31:37 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-12-24 04:31:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-12-24 04:31:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-12-24 04:29:40 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-12-24 04:29:35 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-12-24 04:29:32 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-12-24 04:29:22 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-12-24 04:29:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-12-24 04:27:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2012-12-24 04:26:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-12-24 04:25:58 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-12-24 04:24:57 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-12-24 04:23:58 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-12-24 04:22:57 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-12-24 04:21:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-12-24 04:20:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2012-12-24 04:19:56 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-12-24 04:18:58 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-12-24 04:17:57 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-12-24 04:16:59 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-12-24 04:15:59 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-12-24 04:14:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-12-24 04:13:52 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-12-24 04:12:58 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-12-24 04:11:59 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2012-12-24 04:11:55 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2012-12-24 04:11:55 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2012-12-24 04:11:40 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-12-24 04:11:39 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-12-24 04:11:31 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-12-24 04:11:08 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-12-24 04:11:05 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-12-24 04:11:04 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-12-24 04:09:58 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-12-24 04:08:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-12-24 04:07:59 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2012-12-24 04:06:57 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-12-24 04:05:58 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-12-24 04:04:59 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2012-12-24 04:03:58 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-12-24 04:02:58 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-12-24 04:01:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-12-24 04:00:59 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2012-12-24 03:59:58 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-12-24 03:58:59 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2012-12-24 03:57:59 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2012-12-24 03:56:58 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 02:28:44 -------- d-----w- c:\documents and settings\h\application data\VSRevoGrouph
2012-12-23 17:14:35 -------- d-sh--w- c:\documents and settings\h\IECompatCache
2012-12-23 05:42:34 -------- d-----w- c:\documents and settings\h\application data\DriverCure
2012-12-22 14:48:54 -------- d-sh--w- c:\documents and settings\h\PrivacIE
2012-12-22 14:45:00 -------- d-sh--w- c:\documents and settings\h\IETldCache
2012-12-22 07:46:10 -------- dc-h--w- c:\windows\ie8
2012-12-11 00:40:15 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-12-29 00:56:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 00:56:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 03:49:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-09 03:49:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-09 03:49:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-09 03:49:19 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2009-09-20 18:13:37 157696 -c--a-w- c:\program files\JavaRa.exe
2002-01-18 22:50:52 398848 -c--a-w- c:\program files\ReActiva.exe
.
============= FINISH: 10:46:44.64 ===============

Hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:05 AM, on 30/12/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1356329830531
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysaplapp - {2F2BAF08-F215-5FF7-59B0-015013542A3F} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b92f7886483c) (gupdate1c9b92f7886483c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 12858 bytes

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/05/2007 2:32:30 PM
System Uptime: 29/12/2012 11:27:17 PM (11 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 108 GiB total, 22.699 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Service: NETw5x32
.
==== System Restore Points ===================
.
RP1470: 08/11/2012 1:00:56 AM - System Checkpoint
RP1471: 08/11/2012 10:49:05 PM - Installed Java 7 Update 9
RP1472: 09/11/2012 11:40:24 PM - System Checkpoint
RP1473: 10/11/2012 11:44:29 PM - System Checkpoint
RP1474: 12/11/2012 4:41:48 PM - System Checkpoint
RP1475: 13/11/2012 6:21:44 PM - System Checkpoint
RP1476: 14/11/2012 11:23:50 PM - System Checkpoint
RP1477: 15/11/2012 11:32:14 PM - System Checkpoint
RP1478: 17/11/2012 1:14:30 AM - System Checkpoint
RP1479: 18/11/2012 7:20:31 PM - System Checkpoint
RP1480: 19/11/2012 8:34:03 PM - System Checkpoint
RP1481: 22/11/2012 1:07:55 PM - System Checkpoint
RP1482: 24/11/2012 1:45:32 AM - System Checkpoint
RP1483: 25/11/2012 8:13:46 PM - System Checkpoint
RP1484: 26/11/2012 9:07:15 PM - System Checkpoint
RP1485: 27/11/2012 9:51:29 PM - System Checkpoint
RP1486: 28/11/2012 11:09:15 PM - System Checkpoint
RP1487: 30/11/2012 12:29:34 AM - System Checkpoint
RP1488: 01/12/2012 2:42:00 AM - System Checkpoint
RP1489: 01/12/2012 3:21:05 AM - Made by Regsofts
RP1490: 01/12/2012 3:28:19 AM - Made by Regsofts
RP1491: 02/12/2012 5:24:57 PM - System Checkpoint
RP1492: 03/12/2012 8:24:03 PM - System Checkpoint
RP1493: 04/12/2012 8:24:31 PM - System Checkpoint
RP1494: 05/12/2012 8:35:43 PM - System Checkpoint
RP1495: 08/12/2012 4:29:24 PM - System Checkpoint
RP1496: 10/12/2012 2:31:06 PM - System Checkpoint
RP1497: 12/12/2012 9:34:45 AM - System Checkpoint
RP1498: 13/12/2012 4:12:10 PM - System Checkpoint
RP1499: 14/12/2012 2:47:09 AM - Made by Regsofts
RP1500: 14/12/2012 3:08:33 AM - Made by Regsofts
RP1501: 15/12/2012 11:09:31 PM - System Checkpoint
RP1502: 16/12/2012 1:54:28 AM - Made by Regsofts
RP1503: 17/12/2012 10:39:26 AM - System Checkpoint
RP1504: 18/12/2012 2:31:03 PM - System Checkpoint
RP1505: 21/12/2012 10:41:51 AM - System Checkpoint
RP1506: 21/12/2012 2:54:49 PM - Made by Regsofts
RP1507: 21/12/2012 7:14:12 PM - Installed Java 7 Update 10
RP1508: 22/12/2012 2:47:18 AM - Installed Windows Internet Explorer 8.
RP1509: 22/12/2012 4:53:44 PM - Installed Microsoft Fix it 50102
RP1510: 23/12/2012 1:00:54 AM - Made by Regsofts
RP1511: 23/12/2012 1:48:20 AM - Made by Regsofts
RP1512: 23/12/2012 9:27:26 PM - Restore Operation
RP1513: 24/12/2012 12:52:22 AM - Made by Regsofts
RP1514: 24/12/2012 12:58:26 AM - Revo Uninstaller's restore point - Eusing Cleaner
RP1515: 25/12/2012 1:31:32 AM - System Checkpoint
RP1516: 26/12/2012 10:52:46 AM - System Checkpoint
RP1517: 27/12/2012 9:17:56 PM - System Checkpoint
RP1518: 29/12/2012 1:07:09 AM - Made by Regsofts
RP1519: 29/12/2012 1:13:40 AM - Made by Regsofts
RP1520: 29/12/2012 1:57:15 AM - Made by Regsofts
RP1521: 29/12/2012 2:12:34 AM - Made by Regsofts
RP1522: 29/12/2012 2:25:16 AM - Revo Uninstaller's restore point - Ask Toolbar
RP1523: 29/12/2012 2:25:36 AM - Removed Ask Toolbar.
RP1524: 29/12/2012 2:22:40 PM - Removed Canon Camera WIA Driver
RP1525: 29/12/2012 2:23:14 PM - Removed Canon Camera WIA Driver
RP1526: 29/12/2012 10:02:06 PM - Installed Windows Internet Explorer 8.
.
==== Installed Programs ======================
.
Adobe Acrobat 8 Standard
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader 7.0.5
Adobe SVG Viewer
aiofw
aioprnt
aioscnnr
Anti-Twin (Installation 05/09/2011)
Apple Application Support
ArcSoft Panorama Maker 5
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoCAD 2000
AutoCAD 2000 Migration Assistance
AutoUpdate
avast! Pro Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
C4USelfUpdater
Canon Camera WIA Driver
Canon Camera WIA Driver 6.2.5
Canon CanoScan Toolbox 4.6
CD/DVD Drive Acoustic Silencer
center
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dropbox
DVD-RAM Driver
Encom Compass Scout
Encom Discover 9.0
ESRI ArcExplorer 2.0
Free Window Registry Repair
Garmin Trip and Waypoint Manager v4
Geosoft Plug-In for MapInfo
Google Earth
Google Update Helper
GPSBabel 1.4.2
GPSU version 5.00
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 23
KODAK AiO Home Center
ksDIP
LSI V92 MOH Application
Manual CanoScan 4200F
MapImagery
MapInfo Professional 8.0
MapInfo Professional Data
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MouseWare 9.60
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 en-US)
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4SP2
mWlsSafe
NDAS Software 3.61.2056
Nikon Message Center 2
OmniPage SE 2.0
OpenOffice.org 3.0
PreReq
Protector Suite 5.4
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.91
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SES Driver
Skype™ 6.0
SMSC IrCC V5.1.3600.9
Soap 3.0 Toolkit
Sonic DLA
Sonic RecordNow!
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Zooming Utility
UFile 2009
UFile 2010
UFile 2011
UFile Updater 2010
UFile Updater 2011
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
ViewNX 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD SmartWare
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Winmail Reader 1.1.12
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
30/12/2012 3:15:35 AM, error: NetDDE [206] - Listen failed: 09: No resource was available.
30/12/2012 1:43:22 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
29/12/2012 3:21:37 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 0 while adding node name to network: 0x23
29/12/2012 3:21:37 PM, error: NetDDE [206] - Listen failed: 01: An illegal buffer length was supplied.
29/12/2012 2:10:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2BA716E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
29/12/2012 12:19:03 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
28/12/2012 3:30:33 PM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The system cannot find the file specified.
28/12/2012 3:30:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.
28/12/2012 3:30:33 PM, error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/12/2012 7:35:27 PM, error: NetDDE [211] - NetBIOS Adapter Status Query on Lana number 0 failed: 0x23
26/12/2012 1:45:25 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 1 while adding node name to network: 0x23
26/12/2012 1:37:33 PM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
26/12/2012 1:37:19 PM, error: NetDDE [206] - Listen failed: 15:
26/12/2012 1:37:11 PM, error: NetDDE [206] - Listen failed: 08: The session number was out of range.
24/12/2012 4:28:31 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
23/12/2012 4:55:14 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-12-30 22:45:42

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7DP

Running: 4bbgjohu.exe; Driver: C:\DOCUME~1\HENDRI~1\LOCALS~1\Temp\pwlcipoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA959F4BA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA96C4C22]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA959FED6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA95E1811]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA95AAFA8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA95AAFF4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA95AB176]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA95E11C5]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA95AAF16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA95AB038]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA95AAF5E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA95A011C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA95AB130]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA95A093E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA959F508]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA95E1ED7]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA95E218D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA95A41C2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA95E1D42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA95E1BAD]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA96C4CEA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA959F170]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA959F556]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA95A4534]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA95A13A6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA95AAFD2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA95AB016]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA95AB19A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA95E1521]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA95AAF3C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA95A3C3E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA95AB0BA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA95AAF86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA95A3F14]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA95AB154]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA96C4E4A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA95E1A28]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA95A1272]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA95E187A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA95A0DD4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA96D17D2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA95E0838]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA959F5A4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA959F5F2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA95A07BE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA959F1FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA959F3AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA95E1FDE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA959F350]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA95A0AF8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA95A0C54]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA959F41A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA95A04D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA95A0636]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA96C341C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA959F640]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA959FF1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA96DDE56]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 1C2 804E4A1C 4 Bytes JMP DAA96C4C

.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [A4, F5, 59, A9, F2, F5, 59, ...]

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [F8, 0A, 5A, A9, 54, 0C, 5A, ...] {CLC ; OR BL, [EDX-0x57]; PUSH ESP; OR AL, 0x5a; TEST EAX, 0xa959f41a}

PAGE ntoskrnl.exe!ObInsertObject 8056DBBF 5 Bytes JMP A96DC810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576BAE 4 Bytes CALL A95A1A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP A96DDE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E38C6 5 Bytes JMP A96DACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP A95A5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 5 Bytes JMP A95A5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP A95A59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP A95A50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP A95A47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP A95A5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP A95A58FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP A95A5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP A95A4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP A95A4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP A95A5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP A95A4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 4 Bytes JMP A95A4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP A95A5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 35FB BF894195 5 Bytes JMP A95A4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP A95A4E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP A95A5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP A95A5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP A95A516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP A95A4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP A95A5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 4 Bytes JMP A95A4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP A95A4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP A95A4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP A95A50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP A95A456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP A95A4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP A95A48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP A95A4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP A95A5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\agrsmsvc.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\agrsmsvc.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\system32\RAMASST.exe[428] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\clipsrv.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\clipsrv.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\WINDOWS\system32\TPSMain.exe[836] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00B31014

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00B30804

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00B30A08

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00B30C0C

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00B30E10

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00B301F8

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00B303FC

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00B30600

.text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\ltmoh\Ltmoh.exe[872] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\system32\TPSBattM.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\thpsrv.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\thpsrv.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\DVDRAMSV.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\DVDRAMSV.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\RTHDCPL.EXE[1572] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 02561014

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 02560804

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 02560A08

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 02560C0C

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 02560E10

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 025601F8

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 025603FC

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 02560600

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01060A08

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01060804

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01060600

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 010601F8

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 010603FC

.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[1916] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009B1014

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009B0804

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009B0A08

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009B0C0C

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009B0E10

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009B01F8

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009B03FC

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009B0600

.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Bonjour\mDNSResponder.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Bonjour\mDNSResponder.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\netdde.exe[1968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\netdde.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\NDAS\System\ndassvc.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\NDAS\System\ndassvc.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01280A08

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01280804

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01280600

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 012801F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 012803FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DF1014

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DF0804

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DF0A08

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DF0C0C

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DF0E10

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DF01F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DF03FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DF0600

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003801F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003803FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01131014

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01130804

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01130A08

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01130C0C

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01130E10

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 011301F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 011303FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01130600

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[3060] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 008E1014

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 008E0804

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 008E0A08

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 008E0C0C

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 008E0E10

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 008E01F8

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 008E03FC

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 008E0600

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\WINDOWS\system32\ThpSrv.exe[3084] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01931014

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01930804

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01930A08

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01930C0C

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01930E10

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 019301F8

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 019303FC

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01930600

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002A01F8

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002A03FC

.text C:\WINDOWS\system32\wdfmgr.exe[3188] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00711014

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00710804

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00710A08

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00710C0C

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00710E10

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 007101F8

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 007103FC

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00710600

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\vssvc.exe[3244] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003F1014

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003F0804

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003F0A08

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003F0C0C

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003F0E10

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003F01F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003F03FC

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003F0600

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00AA0A08

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00AA0804

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00AA0600

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00AA01F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 00AA03FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01751014

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01750804

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01750A08

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01750C0C

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01750E10

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 017501F8

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 017503FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01750600

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 04DB1014

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 04DB0804

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 04DB0A08

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 04DB0C0C

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 04DB0E10

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 04DB01F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 04DB03FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 04DB0600

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DC1014

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DC0804

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DC0A08

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DC0C0C

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DC0E10

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DC01F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DC03FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DC0600

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002701F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002703FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 02760A08

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 02760804

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 02760600

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 027601F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 027603FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device A5ADBC8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A5B30400

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device ndasrofs.sys (NDAS RO File System Driver/XIMETA, Inc.)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\C 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\snx_fs.dat 180 bytes

File C:\avast! sandbox\snx_rhive 1310720 bytes

File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----
 

lite_fingers

As requested


dds scan

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by H at 10:45:37 on 2012-12-30
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.820 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Documents and Settings\H\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [ThpSrv] thpsrv /logon
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [TPSMain] TPSMain.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\h\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356329830531
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{1F504DE1-472F-40A1-950C-072851D7A0F7} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - psqlpwd.dll
SSODL: sysaplapp - <orphaned>
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\
FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-16 11:30; [email protected]_easiestyoutube; c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\extensions\[email protected]_easiestyoutube.xpi
FF - ExtSQL: !HIDDEN! 2009-10-12 08:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-8-22 329704]
R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2009-8-22 119784]
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-8-22 340456]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-5-30 6144]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-26 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 361032]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-8-22 479720]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-8-22 787432]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-18 5888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 44808]
R2 BackupService;BackupService;c:\documents and settings\h\application data\hp simplesave application\uUACTokenSvc.exe [2011-5-1 83512]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-18 126976]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-18 35968]
R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-8-22 385512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b92f7886483c;Google Update Service (gupdate1c9b92f7886483c);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-19 1684736]
S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-8-22 378344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-17 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: QPW.EXE: open="c:\corel\suite8\programs\QPW.EXE"
ShellExec: QPW.EXE: print="c:\corel\suite8\programs\QPW.EXE"
.
=============== Created Last 30 ================
.
2012-12-29 01:25:23 87552 ----a-w- c:\windows\system32\iecont.dll
2012-12-24 04:31:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-12-24 04:31:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-12-24 04:31:37 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-12-24 04:31:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-12-24 04:31:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-12-24 04:29:40 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-12-24 04:29:35 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-12-24 04:29:32 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-12-24 04:29:22 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2012-12-24 04:29:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2012-12-24 04:27:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2012-12-24 04:26:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2012-12-24 04:25:58 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2012-12-24 04:24:57 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-12-24 04:23:58 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2012-12-24 04:22:57 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2012-12-24 04:21:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2012-12-24 04:20:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2012-12-24 04:19:56 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-12-24 04:18:58 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-12-24 04:17:57 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-12-24 04:16:59 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-12-24 04:15:59 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-12-24 04:14:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-12-24 04:13:52 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2012-12-24 04:12:58 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-12-24 04:11:59 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2012-12-24 04:11:55 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2012-12-24 04:11:55 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2012-12-24 04:11:40 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-12-24 04:11:39 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2012-12-24 04:11:31 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-12-24 04:11:08 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-12-24 04:11:05 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
2012-12-24 04:11:04 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-12-24 04:09:58 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-12-24 04:08:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-12-24 04:07:59 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2012-12-24 04:06:57 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-12-24 04:05:58 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-12-24 04:04:59 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2012-12-24 04:03:58 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-12-24 04:02:58 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-12-24 04:01:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-12-24 04:00:59 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2012-12-24 03:59:58 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
2012-12-24 03:58:59 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2012-12-24 03:57:59 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2012-12-24 03:56:58 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 02:28:44 -------- d-----w- c:\documents and settings\h\application data\VSRevoGrouph
2012-12-23 17:14:35 -------- d-sh--w- c:\documents and settings\h\IECompatCache
2012-12-23 05:42:34 -------- d-----w- c:\documents and settings\h\application data\DriverCure
2012-12-22 14:48:54 -------- d-sh--w- c:\documents and settings\h\PrivacIE
2012-12-22 14:45:00 -------- d-sh--w- c:\documents and settings\h\IETldCache
2012-12-22 07:46:10 -------- dc-h--w- c:\windows\ie8
2012-12-11 00:40:15 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-12-29 00:56:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-29 00:56:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 03:49:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-09 03:49:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-09 03:49:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-09 03:49:19 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2009-09-20 18:13:37 157696 -c--a-w- c:\program files\JavaRa.exe
2002-01-18 22:50:52 398848 -c--a-w- c:\program files\ReActiva.exe
.
============= FINISH: 10:46:44.64 ===============

Hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:05 AM, on 30/12/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1356329830531
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: sysaplapp - {2F2BAF08-F215-5FF7-59B0-015013542A3F} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b92f7886483c) (gupdate1c9b92f7886483c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 12858 bytes

DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/05/2007 2:32:30 PM
System Uptime: 29/12/2012 11:27:17 PM (11 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 108 GiB total, 22.699 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Service: NETw5x32
.
==== System Restore Points ===================
.
RP1470: 08/11/2012 1:00:56 AM - System Checkpoint
RP1471: 08/11/2012 10:49:05 PM - Installed Java 7 Update 9
RP1472: 09/11/2012 11:40:24 PM - System Checkpoint
RP1473: 10/11/2012 11:44:29 PM - System Checkpoint
RP1474: 12/11/2012 4:41:48 PM - System Checkpoint
RP1475: 13/11/2012 6:21:44 PM - System Checkpoint
RP1476: 14/11/2012 11:23:50 PM - System Checkpoint
RP1477: 15/11/2012 11:32:14 PM - System Checkpoint
RP1478: 17/11/2012 1:14:30 AM - System Checkpoint
RP1479: 18/11/2012 7:20:31 PM - System Checkpoint
RP1480: 19/11/2012 8:34:03 PM - System Checkpoint
RP1481: 22/11/2012 1:07:55 PM - System Checkpoint
RP1482: 24/11/2012 1:45:32 AM - System Checkpoint
RP1483: 25/11/2012 8:13:46 PM - System Checkpoint
RP1484: 26/11/2012 9:07:15 PM - System Checkpoint
RP1485: 27/11/2012 9:51:29 PM - System Checkpoint
RP1486: 28/11/2012 11:09:15 PM - System Checkpoint
RP1487: 30/11/2012 12:29:34 AM - System Checkpoint
RP1488: 01/12/2012 2:42:00 AM - System Checkpoint
RP1489: 01/12/2012 3:21:05 AM - Made by Regsofts
RP1490: 01/12/2012 3:28:19 AM - Made by Regsofts
RP1491: 02/12/2012 5:24:57 PM - System Checkpoint
RP1492: 03/12/2012 8:24:03 PM - System Checkpoint
RP1493: 04/12/2012 8:24:31 PM - System Checkpoint
RP1494: 05/12/2012 8:35:43 PM - System Checkpoint
RP1495: 08/12/2012 4:29:24 PM - System Checkpoint
RP1496: 10/12/2012 2:31:06 PM - System Checkpoint
RP1497: 12/12/2012 9:34:45 AM - System Checkpoint
RP1498: 13/12/2012 4:12:10 PM - System Checkpoint
RP1499: 14/12/2012 2:47:09 AM - Made by Regsofts
RP1500: 14/12/2012 3:08:33 AM - Made by Regsofts
RP1501: 15/12/2012 11:09:31 PM - System Checkpoint
RP1502: 16/12/2012 1:54:28 AM - Made by Regsofts
RP1503: 17/12/2012 10:39:26 AM - System Checkpoint
RP1504: 18/12/2012 2:31:03 PM - System Checkpoint
RP1505: 21/12/2012 10:41:51 AM - System Checkpoint
RP1506: 21/12/2012 2:54:49 PM - Made by Regsofts
RP1507: 21/12/2012 7:14:12 PM - Installed Java 7 Update 10
RP1508: 22/12/2012 2:47:18 AM - Installed Windows Internet Explorer 8.
RP1509: 22/12/2012 4:53:44 PM - Installed Microsoft Fix it 50102
RP1510: 23/12/2012 1:00:54 AM - Made by Regsofts
RP1511: 23/12/2012 1:48:20 AM - Made by Regsofts
RP1512: 23/12/2012 9:27:26 PM - Restore Operation
RP1513: 24/12/2012 12:52:22 AM - Made by Regsofts
RP1514: 24/12/2012 12:58:26 AM - Revo Uninstaller's restore point - Eusing Cleaner
RP1515: 25/12/2012 1:31:32 AM - System Checkpoint
RP1516: 26/12/2012 10:52:46 AM - System Checkpoint
RP1517: 27/12/2012 9:17:56 PM - System Checkpoint
RP1518: 29/12/2012 1:07:09 AM - Made by Regsofts
RP1519: 29/12/2012 1:13:40 AM - Made by Regsofts
RP1520: 29/12/2012 1:57:15 AM - Made by Regsofts
RP1521: 29/12/2012 2:12:34 AM - Made by Regsofts
RP1522: 29/12/2012 2:25:16 AM - Revo Uninstaller's restore point - Ask Toolbar
RP1523: 29/12/2012 2:25:36 AM - Removed Ask Toolbar.
RP1524: 29/12/2012 2:22:40 PM - Removed Canon Camera WIA Driver
RP1525: 29/12/2012 2:23:14 PM - Removed Canon Camera WIA Driver
RP1526: 29/12/2012 10:02:06 PM - Installed Windows Internet Explorer 8.
.
==== Installed Programs ======================
.
Adobe Acrobat 8 Standard
Adobe Acrobat 6.0 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader 7.0.5
Adobe SVG Viewer
aiofw
aioprnt
aioscnnr
Anti-Twin (Installation 05/09/2011)
Apple Application Support
ArcSoft Panorama Maker 5
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoCAD 2000
AutoCAD 2000 Migration Assistance
AutoUpdate
avast! Pro Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
C4USelfUpdater
Canon Camera WIA Driver
Canon Camera WIA Driver 6.2.5
Canon CanoScan Toolbox 4.6
CD/DVD Drive Acoustic Silencer
center
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dropbox
DVD-RAM Driver
Encom Compass Scout
Encom Discover 9.0
ESRI ArcExplorer 2.0
Free Window Registry Repair
Garmin Trip and Waypoint Manager v4
Geosoft Plug-In for MapInfo
Google Earth
Google Update Helper
GPSBabel 1.4.2
GPSU version 5.00
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 23
KODAK AiO Home Center
ksDIP
LSI V92 MOH Application
Manual CanoScan 4200F
MapImagery
MapInfo Professional 8.0
MapInfo Professional Data
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MouseWare 9.60
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 en-US)
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MSXML4SP2
mWlsSafe
NDAS Software 3.61.2056
Nikon Message Center 2
OmniPage SE 2.0
OpenOffice.org 3.0
PreReq
Protector Suite 5.4
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.91
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
SES Driver
Skype™ 6.0
SMSC IrCC V5.1.3600.9
Soap 3.0 Toolkit
Sonic DLA
Sonic RecordNow!
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Zooming Utility
UFile 2009
UFile 2010
UFile 2011
UFile Updater 2010
UFile Updater 2011
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
ViewNX 2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD SmartWare
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Winmail Reader 1.1.12
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
30/12/2012 3:15:35 AM, error: NetDDE [206] - Listen failed: 09: No resource was available.
30/12/2012 1:43:22 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
29/12/2012 3:21:37 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 0 while adding node name to network: 0x23
29/12/2012 3:21:37 PM, error: NetDDE [206] - Listen failed: 01: An illegal buffer length was supplied.
29/12/2012 2:10:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2BA716E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
29/12/2012 12:19:03 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
28/12/2012 3:30:33 PM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The system cannot find the file specified.
28/12/2012 3:30:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.
28/12/2012 3:30:33 PM, error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/12/2012 7:35:27 PM, error: NetDDE [211] - NetBIOS Adapter Status Query on Lana number 0 failed: 0x23
26/12/2012 1:45:25 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 1 while adding node name to network: 0x23
26/12/2012 1:37:33 PM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
26/12/2012 1:37:19 PM, error: NetDDE [206] - Listen failed: 15:
26/12/2012 1:37:11 PM, error: NetDDE [206] - Listen failed: 08: The session number was out of range.
24/12/2012 4:28:31 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
23/12/2012 4:55:14 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
.
==== End Of File ===========================


GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-12-30 22:45:42

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7DP

Running: 4bbgjohu.exe; Driver: C:\DOCUME~1\HENDRI~1\LOCALS~1\Temp\pwlcipoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA959F4BA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA96C4C22]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA959FED6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA95E1811]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA95AAFA8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA95AAFF4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA95AB176]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA95E11C5]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA95AAF16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA95AB038]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA95AAF5E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA95A011C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA95AB130]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA95A093E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA959F508]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA95E1ED7]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA95E218D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA95A41C2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA95E1D42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA95E1BAD]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA96C4CEA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA959F170]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA959F556]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA95A4534]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA95A13A6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA95AAFD2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA95AB016]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA95AB19A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA95E1521]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA95AAF3C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA95A3C3E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA95AB0BA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA95AAF86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA95A3F14]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA95AB154]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA96C4E4A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA95E1A28]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA95A1272]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA95E187A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA95A0DD4]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA96D17D2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA95E0838]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA959F5A4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA959F5F2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA95A07BE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA959F1FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA959F3AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA95E1FDE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA959F350]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA95A0AF8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA95A0C54]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA959F41A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA95A04D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA95A0636]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA96C341C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA959F640]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA959FF1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA96DDE56]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 1C2 804E4A1C 4 Bytes JMP DAA96C4C

.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [A4, F5, 59, A9, F2, F5, 59, ...]

.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [F8, 0A, 5A, A9, 54, 0C, 5A, ...] {CLC ; OR BL, [EDX-0x57]; PUSH ESP; OR AL, 0x5a; TEST EAX, 0xa959f41a}

PAGE ntoskrnl.exe!ObInsertObject 8056DBBF 5 Bytes JMP A96DC810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576BAE 4 Bytes CALL A95A1A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP A96DDE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E38C6 5 Bytes JMP A96DACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP A95A5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 5 Bytes JMP A95A5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP A95A59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP A95A50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP A95A47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP A95A5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP A95A58FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP A95A5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP A95A4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP A95A4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP A95A5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP A95A4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 4 Bytes JMP A95A4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP A95A5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 35FB BF894195 5 Bytes JMP A95A4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP A95A4E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP A95A5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP A95A5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP A95A516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP A95A4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP A95A5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 4 Bytes JMP A95A4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP A95A4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP A95A4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP A95A50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP A95A456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP A95A4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP A95A48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP A95A4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP A95A5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\agrsmsvc.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\agrsmsvc.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\system32\RAMASST.exe[428] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\clipsrv.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\clipsrv.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\WINDOWS\system32\TPSMain.exe[836] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00B31014

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00B30804

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00B30A08

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00B30C0C

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00B30E10

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00B301F8

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00B303FC

.text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00B30600

.text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\ltmoh\Ltmoh.exe[872] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\system32\TPSBattM.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\thpsrv.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\thpsrv.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\DVDRAMSV.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\DVDRAMSV.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\WINDOWS\RTHDCPL.EXE[1572] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 02561014

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 02560804

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 02560A08

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 02560C0C

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 02560E10

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 025601F8

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 025603FC

.text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 02560600

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01060A08

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01060804

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01060600

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 010601F8

.text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 010603FC

.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[1916] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009B1014

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009B0804

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009B0A08

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009B0C0C

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009B0E10

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009B01F8

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009B03FC

.text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009B0600

.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Bonjour\mDNSResponder.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Bonjour\mDNSResponder.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\netdde.exe[1968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\netdde.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Java\jre7\bin\jqs.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\NDAS\System\ndassvc.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\NDAS\System\ndassvc.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

.text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

.text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01280A08

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01280804

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01280600

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 012801F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 012803FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DF1014

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DF0804

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DF0A08

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DF0C0C

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DF0E10

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DF01F8

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DF03FC

.text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DF0600

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\WinZip\WZQKPICK.EXE[2976] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003801F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003803FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01131014

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01130804

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01130A08

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01130C0C

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01130E10

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 011301F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 011303FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01130600

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[3060] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 008E1014

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 008E0804

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 008E0A08

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 008E0C0C

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 008E0E10

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 008E01F8

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 008E03FC

.text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 008E0600

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\WINDOWS\system32\ThpSrv.exe[3084] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01931014

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01930804

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01930A08

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01930C0C

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01930E10

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 019301F8

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 019303FC

.text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01930600

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002A01F8

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002A03FC

.text C:\WINDOWS\system32\wdfmgr.exe[3188] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00711014

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00710804

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00710A08

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00710C0C

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00710E10

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 007101F8

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 007103FC

.text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00710600

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\vssvc.exe[3244] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003F1014

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003F0804

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003F0A08

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003F0C0C

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003F0E10

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003F01F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003F03FC

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003F0600

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00AA0A08

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00AA0804

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00AA0600

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00AA01F8

.text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 00AA03FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01751014

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01750804

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01750A08

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01750C0C

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01750E10

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 017501F8

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 017503FC

.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01750600

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 04DB1014

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 04DB0804

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 04DB0A08

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 04DB0C0C

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 04DB0E10

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 04DB01F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 04DB03FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 04DB0600

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DC1014

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DC0804

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DC0A08

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DC0C0C

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DC0E10

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DC01F8

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DC03FC

.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DC0600

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002701F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002703FC

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 02760A08

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 02760804

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 02760600

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 027601F8

.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 027603FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

Device ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

Device A5ADBC8A

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A5B30400

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Device ndasrofs.sys (NDAS RO File System Driver/XIMETA, Inc.)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\C 0 bytes

File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\snx_fs.dat 180 bytes

File C:\avast! sandbox\snx_rhive 1310720 bytes

File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

---- EOF - GMER 1.0.15 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
nothing obvious but some strange readings

see what this shows & fixes

Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
 

lite_fingers

Thread Starter
Joined
Dec 30, 2012
Messages
11
tdss scan nothing

14:14:42.0296 4520 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:14:42.0312 4520 ============================================================
14:14:42.0312 4520 Current date / time: 2012/12/31 14:14:42.0312
14:14:42.0312 4520 SystemInfo:
14:14:42.0312 4520
14:14:42.0312 4520 OS Version: 5.1.2600 ServicePack: 2.0
14:14:42.0312 4520 Product type: Workstation
14:14:42.0312 4520 ComputerName: HVGS2007
14:14:42.0312 4520 UserName: Hendrik Veldhuyzen
14:14:42.0312 4520 Windows directory: C:\WINDOWS
14:14:42.0312 4520 System windows directory: C:\WINDOWS
14:14:42.0312 4520 Processor architecture: Intel x86
14:14:42.0312 4520 Number of processors: 2
14:14:42.0312 4520 Page size: 0x1000
14:14:42.0312 4520 Boot type: Normal boot
14:14:42.0312 4520 ============================================================
14:14:44.0578 4520 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:14:44.0625 4520 ============================================================
14:14:44.0625 4520 \Device\Harddisk0\DR0:
14:14:44.0625 4520 MBR partitions:
14:14:44.0625 4520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD863FED
14:14:44.0625 4520 ============================================================
14:14:44.0625 4520 C: <-> \Device\Harddisk0\DR0\Partition1
14:14:44.0625 4520 ============================================================
14:14:44.0625 4520 Initialize success
14:14:44.0625 4520 ============================================================
14:16:08.0296 6080 ============================================================
14:16:08.0296 6080 Scan started
14:16:08.0296 6080 Mode: Manual;
14:16:08.0296 6080 ============================================================
14:16:09.0093 6080 ================ Scan system memory ========================
14:16:13.0218 6080 System memory - ok
14:16:13.0218 6080 ================ Scan services =============================
14:16:13.0750 6080 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
14:16:13.0750 6080 Aavmker4 - ok
14:16:13.0750 6080 Abiosdsk - ok
14:16:13.0781 6080 abp480n5 - ok
14:16:14.0031 6080 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:16:14.0093 6080 ACDaemon - ok
14:16:14.0218 6080 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:16:14.0312 6080 ACPI - ok
14:16:14.0343 6080 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:16:14.0359 6080 ACPIEC - ok
14:16:14.0359 6080 adpu160m - ok
14:16:14.0468 6080 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
14:16:14.0546 6080 aec - ok
14:16:14.0640 6080 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:16:14.0703 6080 AFD - ok
14:16:14.0750 6080 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
14:16:14.0765 6080 AgereModemAudio - ok
14:16:15.0390 6080 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:16:15.0953 6080 AgereSoftModem - ok
14:16:15.0968 6080 Aha154x - ok
14:16:15.0968 6080 aic78u2 - ok
14:16:15.0968 6080 aic78xx - ok
14:16:16.0000 6080 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:16:16.0000 6080 Alerter - ok
14:16:16.0046 6080 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
14:16:16.0078 6080 ALG - ok
14:16:16.0078 6080 AliIde - ok
14:16:17.0000 6080 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
14:16:17.0890 6080 Ambfilt - ok
14:16:17.0890 6080 amsint - ok
14:16:17.0984 6080 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:16:18.0046 6080 AppMgmt - ok
14:16:18.0125 6080 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:16:18.0156 6080 Arp1394 - ok
14:16:18.0156 6080 asc - ok
14:16:18.0171 6080 asc3350p - ok
14:16:18.0171 6080 asc3550 - ok
14:16:18.0390 6080 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:16:18.0468 6080 aspnet_state - ok
14:16:18.0515 6080 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
14:16:18.0515 6080 aswFsBlk - ok
14:16:18.0578 6080 [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
14:16:18.0578 6080 aswKbd - ok
14:16:18.0671 6080 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
14:16:18.0703 6080 aswMon2 - ok
14:16:18.0781 6080 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
14:16:18.0796 6080 aswRdr - ok
14:16:19.0218 6080 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
14:16:19.0578 6080 aswSnx - ok
14:16:19.0796 6080 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
14:16:19.0968 6080 aswSP - ok
14:16:20.0015 6080 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
14:16:20.0046 6080 aswTdi - ok
14:16:20.0062 6080 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:16:20.0078 6080 AsyncMac - ok
14:16:20.0156 6080 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:16:20.0156 6080 atapi - ok
14:16:20.0171 6080 Atdisk - ok
14:16:20.0406 6080 [ C4B5144443A368741E6427FAA44C5491 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:16:20.0609 6080 Ati HotKey Poller - ok
14:16:21.0390 6080 [ 221F0A33229CCE7BF2F7640D3BB8845D ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:16:22.0171 6080 ati2mtag - ok
14:16:22.0234 6080 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:16:22.0265 6080 Atmarpc - ok
14:16:22.0328 6080 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:16:22.0343 6080 AudioSrv - ok
14:16:22.0390 6080 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:16:22.0390 6080 audstub - ok
14:16:22.0515 6080 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
14:16:22.0515 6080 avast! Antivirus - ok
14:16:22.0765 6080 [ 68B86DD9D455A6A8DE6D13C84FB5CE31 ] BackupService C:\Documents and Settings\Hendrik Veldhuyzen\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
14:16:22.0812 6080 BackupService - ok
14:16:22.0843 6080 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:16:22.0843 6080 Beep - ok
14:16:23.0078 6080 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
14:16:23.0281 6080 BITS - ok
14:16:23.0484 6080 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:16:23.0609 6080 Bonjour Service - ok
14:16:23.0687 6080 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
14:16:23.0734 6080 Browser - ok
14:16:23.0765 6080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:16:23.0781 6080 cbidf2k - ok
14:16:23.0781 6080 cd20xrnt - ok
14:16:23.0812 6080 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:16:23.0843 6080 Cdaudio - ok
14:16:23.0890 6080 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:16:23.0921 6080 Cdfs - ok
14:16:23.0953 6080 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
14:16:23.0968 6080 cdrbsdrv - ok
14:16:24.0031 6080 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:16:24.0046 6080 Cdrom - ok
14:16:24.0171 6080 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:16:24.0187 6080 CFSvcs - ok
14:16:24.0203 6080 Changer - ok
14:16:24.0234 6080 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:16:24.0250 6080 CiSvc - ok
14:16:24.0265 6080 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:16:24.0281 6080 ClipSrv - ok
14:16:24.0437 6080 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:16:24.0578 6080 clr_optimization_v2.0.50727_32 - ok
14:16:24.0671 6080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:16:24.0812 6080 clr_optimization_v4.0.30319_32 - ok
14:16:24.0843 6080 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:16:24.0859 6080 CmBatt - ok
14:16:24.0859 6080 CmdIde - ok
14:16:24.0906 6080 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:16:24.0906 6080 Compbatt - ok
14:16:24.0906 6080 COMSysApp - ok
14:16:24.0921 6080 Cpqarray - ok
14:16:25.0000 6080 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:16:25.0031 6080 CryptSvc - ok
14:16:25.0031 6080 dac2w2k - ok
14:16:25.0031 6080 dac960nt - ok
14:16:25.0296 6080 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:16:25.0500 6080 DcomLaunch - ok
14:17:13.0390 6080 wuauserv - ok
14:17:13.0468 6080 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:17:13.0515 6080 WudfPf - ok
14:17:13.0562 6080 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:17:13.0609 6080 WudfRd - ok
14:17:13.0640 6080 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:17:13.0671 6080 WudfSvc - ok
14:17:13.0921 6080 [ 9BE3612A127478B34700BEF4ACBA554D ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:17:14.0171 6080 WZCSVC - ok
14:17:14.0250 6080 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:17:14.0312 6080 xmlprov - ok
14:17:14.0312 6080 ================ Scan global ===============================
14:17:14.0406 6080 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
14:17:14.0593 6080 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
14:17:14.0890 6080 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
14:17:15.0000 6080 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
14:17:15.0000 6080 [Global] - ok
14:17:15.0000 6080 ================ Scan MBR ==================================
14:17:15.0046 6080 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
14:17:15.0375 6080 \Device\Harddisk0\DR0 - ok
14:17:15.0375 6080 ================ Scan VBR ==================================
14:17:15.0375 6080 [ D1DCD00C9A53F99DF22C5FAB7F50256F ] \Device\Harddisk0\DR0\Partition1
14:17:15.0375 6080 \Device\Harddisk0\DR0\Partition1 - ok
14:17:15.0375 6080 ============================================================
14:17:15.0375 6080 Scan finished
14:17:15.0375 6080 ============================================================
14:17:15.0421 4692 Detected object count: 0
14:17:15.0421 4692 Actual detected object count: 0
14:19:05.0734 5668 Deinitialize success
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Can other computers using the same router connect to all sites, or do they have problems with secure sites, or is it only this one computer having problems?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Looking at the error messages, the first thing to do is update to XP SP3, which you should have been on years ago.

Go here to download and save the full 316 MB SP3 upgrade.

After it's been downloaded and saved, do the following:

Double-click the saved SP3 upgrade file to start the upgrade process.

It'll take 30 - 60 minutes or more to complete, so be patient.

If you're not prompted to restart the computer after the upgrade is complete, do so.

Restart the computer again.
 

lite_fingers

Thread Starter
Joined
Dec 30, 2012
Messages
11
First regarding the wireless router

1) There is another computer on the system and there are no problems encountered.

2) I have installed all the Service Pack 3 and updates to my computer. At 3 hours 10 minutes I terminated the installation as it appeared to be hung up on the last cleaning the computer step (over 2 hours).

I have no idea why Microsoft would not tell me I needed the Service pack 3 when I tried for updates?

The Service pack is installed and all the updates were installed.

I still can not submit data on this site (using another computer for this submission). It did solve my inability to get on secure web sites but has not solved my problem of sending emails.

When using this site I time out before the message is sent although after a long wait I could send an email.

I called my ISP (who do not support Thunderbird). They suggested I change ports; no help. They suggested I complete a speed test. My download speed exceeded my ISP claimed connection rate.

I could not get an upload connection.

Suggestions?
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Is it just Thunderbird that has problems with mail, or does it still have problems when you use OE to set up an account & check for or send mail?
 

lite_fingers

Thread Starter
Joined
Dec 30, 2012
Messages
11
No, I have tried to log in to Web Mail and look at saved messages. Result: over 12 minutes of waiting, nothing appeared, although the browser seemed to occasionally communicate with a site, but for most of the time the message at the bottom of the screen was waiting for ******. com site. I never did see my mail folder nor could I get the web mail page, although I did get it yesterday once after a long wait.
 

lite_fingers

Thread Starter
Joined
Dec 30, 2012
Messages
11
When the last message was sent, the browser went to "page unavailable connection reset". There was no indication the message had been successfully sent and I was still logged in to the site. I only discovered I was still logged in to the site and my message was submitted by using the back button.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That is probably something to do with cookies being blocked, but might just be a malware problem or you blocking adverts so the browser never gets to the page.

I can't guarantee we can fix it but let's see what this does.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 

lite_fingers

Thread Starter
Joined
Dec 30, 2012
Messages
11
After 5 tries (last try was left for several hours) all that I have recorded is as follows:

creating registry backup
checking startup
checking modules

Error: System was unable to find the specified key or value
checking processes
checking services
checking files
checking folders
checking registry - Quick scan

Error: The system was unable to find the specified registry key or value
checking registry - deep scan
Checking Internet Explorer

Error: The system was unable to find the specified registry key or value

No error log was created
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Turn off antivirus before trying to run it.
Sometimes an AV will block tools from running.
 