
no access to secure sites or sending emails

Discussion in 'Windows XP' started by lite_fingers, Dec 30, 2012.

  1. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    I have had the computer for 5 years; only now have the following problems developed.

    1) I can not access secure web sites, including the Windows Update site. I have tried with both Firefox and IE 8. In both cases the message is "waiting for securesite.com" and the loading fails due to timing out.

    I have no problem accessing unsecured sites

    2) At the same time my email server Thunderbird can only receive email but can not send. When attempting to send emails the message is "connection to SMTP server timed out".

    I have tried the recommended fixes with no success

    a) cleared SSL
    b) checked clock
    c) re-registered dll's
    d) reset IE to defaults
    e) changed ports
    f) turned off firewall
    g) changed wireless to Proset from Windows and back
    h) did straight wired connection to router for internet
    i) did a system restore to a time I was still getting and sending emails

    I tried to preview the post and it failed. I tried to post and it failed, so I had to borrow a computer to submit.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, x86 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 2045 Mb
    Graphics Card: ATI Mobility Radeon X1400, 512 Mb
    Hard Drives: C: Total - 110791 MB, Free - 23400 MB;
    Motherboard: Intel Corporation, MPAD-MSAE Customer Reference Boards
    Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I am not sure if this is malware related, but let's see what this shows us.
    Follow advice here and post the logs those programs make.
     
  3. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    As requested


    dds scan

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by H at 10:45:37 on 2012-12-30
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.820 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Documents and Settings\H\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [ThpSrv] thpsrv /logon
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [TPSMain] TPSMain.exe
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
    mRun: [Conime] c:\windows\system32\conime.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\h\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356329830531
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{1F504DE1-472F-40A1-950C-072851D7A0F7} : DHCPNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: psfus - psqlpwd.dll
    SSODL: sysaplapp - <orphaned>
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\
    FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-12-16 11:30; [email protected]_easiestyoutube; c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\extensions\[email protected]_easiestyoutube.xpi
    FF - ExtSQL: !HIDDEN! 2009-10-12 08:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
    R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-8-22 329704]
    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2009-8-22 119784]
    R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-8-22 340456]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-5-30 6144]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-26 20624]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-24 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 361032]
    R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-8-22 479720]
    R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-8-22 787432]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-18 5888]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 44808]
    R2 BackupService;BackupService;c:\documents and settings\h\application data\hp simplesave application\uUACTokenSvc.exe [2011-5-1 83512]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
    R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-18 126976]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-18 35968]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-8-22 385512]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b92f7886483c;Google Update Service (gupdate1c9b92f7886483c);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-19 1684736]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-8-22 378344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-17 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: QPW.EXE: open="c:\corel\suite8\programs\QPW.EXE"
    ShellExec: QPW.EXE: print="c:\corel\suite8\programs\QPW.EXE"
    .
    =============== Created Last 30 ================
    .
    2012-12-29 01:25:23 87552 ----a-w- c:\windows\system32\iecont.dll
    2012-12-24 04:31:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2012-12-24 04:31:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-12-24 04:31:37 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2012-12-24 04:31:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-12-24 04:31:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-12-24 04:29:40 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2012-12-24 04:29:35 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-12-24 04:29:32 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-12-24 04:29:22 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2012-12-24 04:29:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-12-24 04:27:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
    2012-12-24 04:26:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2012-12-24 04:25:58 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2012-12-24 04:24:57 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2012-12-24 04:23:58 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2012-12-24 04:22:57 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
    2012-12-24 04:21:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2012-12-24 04:20:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
    2012-12-24 04:19:56 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2012-12-24 04:18:58 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
    2012-12-24 04:17:57 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
    2012-12-24 04:16:59 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
    2012-12-24 04:15:59 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
    2012-12-24 04:14:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2012-12-24 04:13:52 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2012-12-24 04:12:58 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2012-12-24 04:11:59 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
    2012-12-24 04:11:55 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2012-12-24 04:11:55 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2012-12-24 04:11:40 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2012-12-24 04:11:39 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2012-12-24 04:11:31 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2012-12-24 04:11:08 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2012-12-24 04:11:05 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
    2012-12-24 04:11:04 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2012-12-24 04:09:58 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2012-12-24 04:08:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
    2012-12-24 04:07:59 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
    2012-12-24 04:06:57 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
    2012-12-24 04:05:58 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
    2012-12-24 04:04:59 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
    2012-12-24 04:03:58 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2012-12-24 04:02:58 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
    2012-12-24 04:01:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2012-12-24 04:00:59 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
    2012-12-24 03:59:58 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
    2012-12-24 03:58:59 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
    2012-12-24 03:57:59 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
    2012-12-24 03:56:58 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
    2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-12-24 02:28:44 -------- d-----w- c:\documents and settings\h\application data\VSRevoGrouph
    2012-12-23 17:14:35 -------- d-sh--w- c:\documents and settings\h\IECompatCache
    2012-12-23 05:42:34 -------- d-----w- c:\documents and settings\h\application data\DriverCure
    2012-12-22 14:48:54 -------- d-sh--w- c:\documents and settings\h\PrivacIE
    2012-12-22 14:45:00 -------- d-sh--w- c:\documents and settings\h\IETldCache
    2012-12-22 07:46:10 -------- dc-h--w- c:\windows\ie8
    2012-12-11 00:40:15 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2012-12-29 00:56:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-29 00:56:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-09 03:49:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-09 03:49:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-09 03:49:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-09 03:49:19 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2009-09-20 18:13:37 157696 -c--a-w- c:\program files\JavaRa.exe
    2002-01-18 22:50:52 398848 -c--a-w- c:\program files\ReActiva.exe
    .
    ============= FINISH: 10:46:44.64 ===============

    Hijack log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:41:05 AM, on 30/12/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\H\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
    O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
    O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1356329830531
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: sysaplapp - {2F2BAF08-F215-5FF7-59B0-015013542A3F} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9b92f7886483c) (gupdate1c9b92f7886483c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

    --
    End of file - 12858 bytes

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/05/2007 2:32:30 PM
    System Uptime: 29/12/2012 11:27:17 PM (11 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 108 GiB total, 22.699 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Service: NETw5x32
    .
    ==== System Restore Points ===================
    .
    RP1470: 08/11/2012 1:00:56 AM - System Checkpoint
    RP1471: 08/11/2012 10:49:05 PM - Installed Java 7 Update 9
    RP1472: 09/11/2012 11:40:24 PM - System Checkpoint
    RP1473: 10/11/2012 11:44:29 PM - System Checkpoint
    RP1474: 12/11/2012 4:41:48 PM - System Checkpoint
    RP1475: 13/11/2012 6:21:44 PM - System Checkpoint
    RP1476: 14/11/2012 11:23:50 PM - System Checkpoint
    RP1477: 15/11/2012 11:32:14 PM - System Checkpoint
    RP1478: 17/11/2012 1:14:30 AM - System Checkpoint
    RP1479: 18/11/2012 7:20:31 PM - System Checkpoint
    RP1480: 19/11/2012 8:34:03 PM - System Checkpoint
    RP1481: 22/11/2012 1:07:55 PM - System Checkpoint
    RP1482: 24/11/2012 1:45:32 AM - System Checkpoint
    RP1483: 25/11/2012 8:13:46 PM - System Checkpoint
    RP1484: 26/11/2012 9:07:15 PM - System Checkpoint
    RP1485: 27/11/2012 9:51:29 PM - System Checkpoint
    RP1486: 28/11/2012 11:09:15 PM - System Checkpoint
    RP1487: 30/11/2012 12:29:34 AM - System Checkpoint
    RP1488: 01/12/2012 2:42:00 AM - System Checkpoint
    RP1489: 01/12/2012 3:21:05 AM - Made by Regsofts
    RP1490: 01/12/2012 3:28:19 AM - Made by Regsofts
    RP1491: 02/12/2012 5:24:57 PM - System Checkpoint
    RP1492: 03/12/2012 8:24:03 PM - System Checkpoint
    RP1493: 04/12/2012 8:24:31 PM - System Checkpoint
    RP1494: 05/12/2012 8:35:43 PM - System Checkpoint
    RP1495: 08/12/2012 4:29:24 PM - System Checkpoint
    RP1496: 10/12/2012 2:31:06 PM - System Checkpoint
    RP1497: 12/12/2012 9:34:45 AM - System Checkpoint
    RP1498: 13/12/2012 4:12:10 PM - System Checkpoint
    RP1499: 14/12/2012 2:47:09 AM - Made by Regsofts
    RP1500: 14/12/2012 3:08:33 AM - Made by Regsofts
    RP1501: 15/12/2012 11:09:31 PM - System Checkpoint
    RP1502: 16/12/2012 1:54:28 AM - Made by Regsofts
    RP1503: 17/12/2012 10:39:26 AM - System Checkpoint
    RP1504: 18/12/2012 2:31:03 PM - System Checkpoint
    RP1505: 21/12/2012 10:41:51 AM - System Checkpoint
    RP1506: 21/12/2012 2:54:49 PM - Made by Regsofts
    RP1507: 21/12/2012 7:14:12 PM - Installed Java 7 Update 10
    RP1508: 22/12/2012 2:47:18 AM - Installed Windows Internet Explorer 8.
    RP1509: 22/12/2012 4:53:44 PM - Installed Microsoft Fix it 50102
    RP1510: 23/12/2012 1:00:54 AM - Made by Regsofts
    RP1511: 23/12/2012 1:48:20 AM - Made by Regsofts
    RP1512: 23/12/2012 9:27:26 PM - Restore Operation
    RP1513: 24/12/2012 12:52:22 AM - Made by Regsofts
    RP1514: 24/12/2012 12:58:26 AM - Revo Uninstaller's restore point - Eusing Cleaner
    RP1515: 25/12/2012 1:31:32 AM - System Checkpoint
    RP1516: 26/12/2012 10:52:46 AM - System Checkpoint
    RP1517: 27/12/2012 9:17:56 PM - System Checkpoint
    RP1518: 29/12/2012 1:07:09 AM - Made by Regsofts
    RP1519: 29/12/2012 1:13:40 AM - Made by Regsofts
    RP1520: 29/12/2012 1:57:15 AM - Made by Regsofts
    RP1521: 29/12/2012 2:12:34 AM - Made by Regsofts
    RP1522: 29/12/2012 2:25:16 AM - Revo Uninstaller's restore point - Ask Toolbar
    RP1523: 29/12/2012 2:25:36 AM - Removed Ask Toolbar.
    RP1524: 29/12/2012 2:22:40 PM - Removed Canon Camera WIA Driver
    RP1525: 29/12/2012 2:23:14 PM - Removed Canon Camera WIA Driver
    RP1526: 29/12/2012 10:02:06 PM - Installed Windows Internet Explorer 8.
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 8 Standard
    Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Standard
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 6.0
    Adobe Reader 7.0.5
    Adobe SVG Viewer
    aiofw
    aioprnt
    aioscnnr
    Anti-Twin (Installation 05/09/2011)
    Apple Application Support
    ArcSoft Panorama Maker 5
    ArcSoft PhotoStudio 5.5
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoCAD 2000
    AutoCAD 2000 Migration Assistance
    AutoUpdate
    avast! Pro Antivirus
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    C4USelfUpdater
    Canon Camera WIA Driver
    Canon Camera WIA Driver 6.2.5
    Canon CanoScan Toolbox 4.6
    CD/DVD Drive Acoustic Silencer
    center
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Dropbox
    DVD-RAM Driver
    Encom Compass Scout
    Encom Discover 9.0
    ESRI ArcExplorer 2.0
    Free Window Registry Repair
    Garmin Trip and Waypoint Manager v4
    Geosoft Plug-In for MapInfo
    Google Earth
    Google Update Helper
    GPSBabel 1.4.2
    GPSU version 5.00
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894871)
    Hotfix for Windows XP (KB895200)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel PROSet Wireless
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 23
    KODAK AiO Home Center
    ksDIP
    LSI V92 MOH Application
    Manual CanoScan 4200F
    MapImagery
    MapInfo Professional 8.0
    MapInfo Professional Data
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MouseWare 9.60
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0 (x86 en-US)
    mProSafe
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4SP2
    mWlsSafe
    NDAS Software 3.61.2056
    Nikon Message Center 2
    OmniPage SE 2.0
    OpenOffice.org 3.0
    PreReq
    Protector Suite 5.4
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.91
    SD Secure Module
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SES Driver
    Skype™ 6.0
    SMSC IrCC V5.1.3600.9
    Soap 3.0 Toolkit
    Sonic DLA
    Sonic RecordNow!
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility
    TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    Toshiba Tbiosdrv Driver
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Zooming Utility
    UFile 2009
    UFile 2010
    UFile 2011
    UFile Updater 2010
    UFile Updater 2011
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.6195
    ViewNX 2
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD SmartWare
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884018
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893056
    Winmail Reader 1.1.12
    WinZip 15.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/12/2012 3:15:35 AM, error: NetDDE [206] - Listen failed: 09: No resource was available.
    30/12/2012 1:43:22 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    29/12/2012 3:21:37 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 0 while adding node name to network: 0x23
    29/12/2012 3:21:37 PM, error: NetDDE [206] - Listen failed: 01: An illegal buffer length was supplied.
    29/12/2012 2:10:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2BA716E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    29/12/2012 12:19:03 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
    28/12/2012 3:30:33 PM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The system cannot find the file specified.
    28/12/2012 3:30:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.
    28/12/2012 3:30:33 PM, error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/12/2012 7:35:27 PM, error: NetDDE [211] - NetBIOS Adapter Status Query on Lana number 0 failed: 0x23
    26/12/2012 1:45:25 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 1 while adding node name to network: 0x23
    26/12/2012 1:37:33 PM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
    26/12/2012 1:37:19 PM, error: NetDDE [206] - Listen failed: 15:
    26/12/2012 1:37:11 PM, error: NetDDE [206] - Listen failed: 08: The session number was out of range.
    24/12/2012 4:28:31 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    23/12/2012 4:55:14 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2012-12-30 22:45:42

    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7DP

    Running: 4bbgjohu.exe; Driver: C:\DOCUME~1\HENDRI~1\LOCALS~1\Temp\pwlcipoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA959F4BA]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA96C4C22]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA959FED6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA95E1811]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA95AAFA8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA95AAFF4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA95AB176]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA95E11C5]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA95AAF16]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA95AB038]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA95AAF5E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA95A011C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA95AB130]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA95A093E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA959F508]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA95E1ED7]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA95E218D]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA95A41C2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA95E1D42]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA95E1BAD]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA96C4CEA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA959F170]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA959F556]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA95A4534]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA95A13A6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA95AAFD2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA95AB016]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA95AB19A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA95E1521]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA95AAF3C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA95A3C3E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA95AB0BA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA95AAF86]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA95A3F14]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA95AB154]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA96C4E4A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA95E1A28]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA95A1272]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA95E187A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA95A0DD4]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA96D17D2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA95E0838]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA959F5A4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA959F5F2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA95A07BE]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA959F1FA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA959F3AA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA95E1FDE]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA959F350]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA95A0AF8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA95A0C54]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA959F41A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA95A04D4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA95A0636]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA96C341C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA959F640]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA959FF1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA96DDE56]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1C2 804E4A1C 4 Bytes JMP DAA96C4C

    .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [A4, F5, 59, A9, F2, F5, 59, ...]

    .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [F8, 0A, 5A, A9, 54, 0C, 5A, ...] {CLC ; OR BL, [EDX-0x57]; PUSH ESP; OR AL, 0x5a; TEST EAX, 0xa959f41a}

    PAGE ntoskrnl.exe!ObInsertObject 8056DBBF 5 Bytes JMP A96DC810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576BAE 4 Bytes CALL A95A1A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP A96DDE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E38C6 5 Bytes JMP A96DACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    .text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP A95A5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 5 Bytes JMP A95A5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP A95A59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP A95A50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP A95A47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP A95A5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP A95A58FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP A95A5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP A95A4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP A95A4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP A95A5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP A95A4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 4 Bytes JMP A95A4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP A95A5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetCurrentCodePage + 35FB BF894195 5 Bytes JMP A95A4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP A95A4E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP A95A5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP A95A5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP A95A516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP A95A4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP A95A5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 4 Bytes JMP A95A4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP A95A4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP A95A4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP A95A50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP A95A456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP A95A4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP A95A48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP A95A4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP A95A5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\agrsmsvc.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\agrsmsvc.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\alg.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\alg.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\system32\RAMASST.exe[428] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\clipsrv.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\clipsrv.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\WINDOWS\system32\TPSMain.exe[836] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00B31014

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00B30804

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00B30A08

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00B30C0C

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00B30E10

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00B301F8

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00B303FC

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00B30600

    .text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\system32\TPSBattM.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\csrss.exe[944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\services.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\thpsrv.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\thpsrv.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\spoolsv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\spoolsv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\DVDRAMSV.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\DVDRAMSV.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\RTHDCPL.EXE[1572] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 02561014

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 02560804

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 02560A08

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 02560C0C

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 02560E10

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 025601F8

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 025603FC

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 02560600

    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01060A08

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01060804

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01060600

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 010601F8

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 010603FC

    .text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002C01F8

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002C03FC

    .text C:\WINDOWS\system32\ctfmon.exe[1916] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009B1014

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009B0804

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009B0A08

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009B0C0C

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009B0E10

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009B01F8

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009B03FC

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009B0600

    .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Bonjour\mDNSResponder.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Bonjour\mDNSResponder.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\netdde.exe[1968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\netdde.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Java\jre7\bin\jqs.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Java\jre7\bin\jqs.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndassvc.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndassvc.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

    .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01280A08

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01280804

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01280600

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 012801F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 012803FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DF1014

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DF0804

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DF0A08

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DF0C0C

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DF0E10

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DF01F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DF03FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DF0600

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003801F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003803FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01131014

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01130804

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01130A08

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01130C0C

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01130E10

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 011301F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 011303FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01130600

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\WINDOWS\system32\svchost.exe[3060] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 008E1014

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 008E0804

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 008E0A08

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 008E0C0C

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 008E0E10

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 008E01F8

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 008E03FC

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 008E0600

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01931014

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01930804

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01930A08

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01930C0C

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01930E10

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 019301F8

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 019303FC

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01930600

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002A01F8

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002A03FC

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00711014

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00710804

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00710A08

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00710C0C

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00710E10

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 007101F8

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 007103FC

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00710600

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\WINDOWS\System32\vssvc.exe[3244] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003F1014

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003F0804

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003F0A08

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003F0C0C

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003F0E10

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003F01F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003F03FC

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003F0600

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00AA0A08

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00AA0804

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00AA0600

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00AA01F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 00AA03FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01751014

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01750804

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01750A08

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01750C0C

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01750E10

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 017501F8

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 017503FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01750600

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 04DB1014

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 04DB0804

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 04DB0A08

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 04DB0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 04DB0E10

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 04DB01F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 04DB03FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 04DB0600

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DC1014

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DC0804

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DC0A08

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DC0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DC0E10

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DC01F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DC03FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DC0600

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002701F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002703FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 02760A08

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 02760804

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 02760600

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 027601F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 027603FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    Device ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

    Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

    Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    Device A5ADBC8A

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs A5B30400

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    Device ndasrofs.sys (NDAS RO File System Driver/XIMETA, Inc.)

    ---- Files - GMER 1.0.15 ----

    File C:\avast! sandbox 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\C 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\snx_fs.dat 180 bytes

    File C:\avast! sandbox\snx_rhive 1310720 bytes

    File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

    ---- EOF - GMER 1.0.15 ----
     
  4. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    As requested

    DDS scan

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
    Run by H at 10:45:37 on 2012-12-30
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2046.820 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Documents and Settings\H\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [ThpSrv] thpsrv /logon
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [TPSMain] TPSMain.exe
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EM_EXEC] c:\progra~1\mousew~1\system\EM_EXEC.EXE
    mRun: [Conime] c:\windows\system32\conime.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\h\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\hendri~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356329830531
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{1F504DE1-472F-40A1-950C-072851D7A0F7} : DHCPNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: psfus - psqlpwd.dll
    SSODL: sysaplapp - <orphaned>
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\
    FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-12-16 11:30; [email protected]_easiestyoutube; c:\documents and settings\h\application data\mozilla\firefox\profiles\pb9md6rm.default\extensions\[email protected]_easiestyoutube.xpi
    FF - ExtSQL: !HIDDEN! 2009-10-12 08:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
    R0 lfsfilt;NDAS Lean File Sharing Service;c:\windows\system32\drivers\lfsfilt.sys [2009-8-22 329704]
    R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2009-8-22 119784]
    R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [2009-8-22 340456]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-5-30 6144]
    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-2-26 20624]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-9-24 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 361032]
    R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [2009-8-22 479720]
    R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [2009-8-22 787432]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-18 5888]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-24 44808]
    R2 BackupService;BackupService;c:\documents and settings\h\application data\hp simplesave application\uUACTokenSvc.exe [2011-5-1 83512]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
    R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-18 126976]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-5-10 110592]
    R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-5-10 1858048]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-5-10 482304]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-5-18 35968]
    R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2009-8-22 385512]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b92f7886483c;Google Update Service (gupdate1c9b92f7886483c);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-19 1684736]
    S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2009-8-22 378344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-7-17 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: QPW.EXE: open="c:\corel\suite8\programs\QPW.EXE"
    ShellExec: QPW.EXE: print="c:\corel\suite8\programs\QPW.EXE"
    .
    =============== Created Last 30 ================
    .
    2012-12-29 01:25:23 87552 ----a-w- c:\windows\system32\iecont.dll
    2012-12-24 04:31:45 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2012-12-24 04:31:41 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2012-12-24 04:31:37 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2012-12-24 04:31:33 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2012-12-24 04:31:29 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2012-12-24 04:29:40 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2012-12-24 04:29:35 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2012-12-24 04:29:32 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2012-12-24 04:29:22 19328 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2012-12-24 04:29:21 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2012-12-24 04:27:59 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
    2012-12-24 04:26:59 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2012-12-24 04:25:58 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2012-12-24 04:24:57 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
    2012-12-24 04:23:58 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2012-12-24 04:22:57 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
    2012-12-24 04:21:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2012-12-24 04:20:56 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
    2012-12-24 04:19:56 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2012-12-24 04:18:58 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
    2012-12-24 04:17:57 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
    2012-12-24 04:16:59 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
    2012-12-24 04:15:59 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
    2012-12-24 04:14:59 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
    2012-12-24 04:13:52 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2012-12-24 04:12:58 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
    2012-12-24 04:11:59 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
    2012-12-24 04:11:55 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2012-12-24 04:11:55 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2012-12-24 04:11:40 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2012-12-24 04:11:39 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2012-12-24 04:11:31 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2012-12-24 04:11:08 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2012-12-24 04:11:05 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
    2012-12-24 04:11:04 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2012-12-24 04:09:58 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
    2012-12-24 04:08:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
    2012-12-24 04:07:59 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
    2012-12-24 04:06:57 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
    2012-12-24 04:05:58 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
    2012-12-24 04:04:59 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
    2012-12-24 04:03:58 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
    2012-12-24 04:02:58 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
    2012-12-24 04:01:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2012-12-24 04:00:59 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
    2012-12-24 03:59:58 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys
    2012-12-24 03:58:59 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
    2012-12-24 03:57:59 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
    2012-12-24 03:56:58 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
    2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-12-24 02:32:12 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-12-24 02:28:44 -------- d-----w- c:\documents and settings\h\application data\VSRevoGrouph
    2012-12-23 17:14:35 -------- d-sh--w- c:\documents and settings\h\IECompatCache
    2012-12-23 05:42:34 -------- d-----w- c:\documents and settings\h\application data\DriverCure
    2012-12-22 14:48:54 -------- d-sh--w- c:\documents and settings\h\PrivacIE
    2012-12-22 14:45:00 -------- d-sh--w- c:\documents and settings\h\IETldCache
    2012-12-22 07:46:10 -------- dc-h--w- c:\windows\ie8
    2012-12-11 00:40:15 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2012-12-29 00:56:34 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-29 00:56:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-09 03:49:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-11-09 03:49:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-11-09 03:49:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-11-09 03:49:19 746984 -c--a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:56 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2009-09-20 18:13:37 157696 -c--a-w- c:\program files\JavaRa.exe
    2002-01-18 22:50:52 398848 -c--a-w- c:\program files\ReActiva.exe
    .
    ============= FINISH: 10:46:44.64 ===============

    Hijack log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:41:05 AM, on 30/12/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\clipsrv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\H\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
    O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
    O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1356329830531
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: sysaplapp - {2F2BAF08-F215-5FF7-59B0-015013542A3F} - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9b92f7886483c) (gupdate1c9b92f7886483c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

    --
    End of file - 12858 bytes

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/05/2007 2:32:30 PM
    System Uptime: 29/12/2012 11:27:17 PM (11 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U1 | 2161/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 108 GiB total, 22.699 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
    Service: NETw5x32
    .
    ==== System Restore Points ===================
    .
    RP1470: 08/11/2012 1:00:56 AM - System Checkpoint
    RP1471: 08/11/2012 10:49:05 PM - Installed Java 7 Update 9
    RP1472: 09/11/2012 11:40:24 PM - System Checkpoint
    RP1473: 10/11/2012 11:44:29 PM - System Checkpoint
    RP1474: 12/11/2012 4:41:48 PM - System Checkpoint
    RP1475: 13/11/2012 6:21:44 PM - System Checkpoint
    RP1476: 14/11/2012 11:23:50 PM - System Checkpoint
    RP1477: 15/11/2012 11:32:14 PM - System Checkpoint
    RP1478: 17/11/2012 1:14:30 AM - System Checkpoint
    RP1479: 18/11/2012 7:20:31 PM - System Checkpoint
    RP1480: 19/11/2012 8:34:03 PM - System Checkpoint
    RP1481: 22/11/2012 1:07:55 PM - System Checkpoint
    RP1482: 24/11/2012 1:45:32 AM - System Checkpoint
    RP1483: 25/11/2012 8:13:46 PM - System Checkpoint
    RP1484: 26/11/2012 9:07:15 PM - System Checkpoint
    RP1485: 27/11/2012 9:51:29 PM - System Checkpoint
    RP1486: 28/11/2012 11:09:15 PM - System Checkpoint
    RP1487: 30/11/2012 12:29:34 AM - System Checkpoint
    RP1488: 01/12/2012 2:42:00 AM - System Checkpoint
    RP1489: 01/12/2012 3:21:05 AM - Made by Regsofts
    RP1490: 01/12/2012 3:28:19 AM - Made by Regsofts
    RP1491: 02/12/2012 5:24:57 PM - System Checkpoint
    RP1492: 03/12/2012 8:24:03 PM - System Checkpoint
    RP1493: 04/12/2012 8:24:31 PM - System Checkpoint
    RP1494: 05/12/2012 8:35:43 PM - System Checkpoint
    RP1495: 08/12/2012 4:29:24 PM - System Checkpoint
    RP1496: 10/12/2012 2:31:06 PM - System Checkpoint
    RP1497: 12/12/2012 9:34:45 AM - System Checkpoint
    RP1498: 13/12/2012 4:12:10 PM - System Checkpoint
    RP1499: 14/12/2012 2:47:09 AM - Made by Regsofts
    RP1500: 14/12/2012 3:08:33 AM - Made by Regsofts
    RP1501: 15/12/2012 11:09:31 PM - System Checkpoint
    RP1502: 16/12/2012 1:54:28 AM - Made by Regsofts
    RP1503: 17/12/2012 10:39:26 AM - System Checkpoint
    RP1504: 18/12/2012 2:31:03 PM - System Checkpoint
    RP1505: 21/12/2012 10:41:51 AM - System Checkpoint
    RP1506: 21/12/2012 2:54:49 PM - Made by Regsofts
    RP1507: 21/12/2012 7:14:12 PM - Installed Java 7 Update 10
    RP1508: 22/12/2012 2:47:18 AM - Installed Windows Internet Explorer 8.
    RP1509: 22/12/2012 4:53:44 PM - Installed Microsoft Fix it 50102
    RP1510: 23/12/2012 1:00:54 AM - Made by Regsofts
    RP1511: 23/12/2012 1:48:20 AM - Made by Regsofts
    RP1512: 23/12/2012 9:27:26 PM - Restore Operation
    RP1513: 24/12/2012 12:52:22 AM - Made by Regsofts
    RP1514: 24/12/2012 12:58:26 AM - Revo Uninstaller's restore point - Eusing Cleaner
    RP1515: 25/12/2012 1:31:32 AM - System Checkpoint
    RP1516: 26/12/2012 10:52:46 AM - System Checkpoint
    RP1517: 27/12/2012 9:17:56 PM - System Checkpoint
    RP1518: 29/12/2012 1:07:09 AM - Made by Regsofts
    RP1519: 29/12/2012 1:13:40 AM - Made by Regsofts
    RP1520: 29/12/2012 1:57:15 AM - Made by Regsofts
    RP1521: 29/12/2012 2:12:34 AM - Made by Regsofts
    RP1522: 29/12/2012 2:25:16 AM - Revo Uninstaller's restore point - Ask Toolbar
    RP1523: 29/12/2012 2:25:36 AM - Removed Ask Toolbar.
    RP1524: 29/12/2012 2:22:40 PM - Removed Canon Camera WIA Driver
    RP1525: 29/12/2012 2:23:14 PM - Removed Canon Camera WIA Driver
    RP1526: 29/12/2012 10:02:06 PM - Installed Windows Internet Explorer 8.
    .
    ==== Installed Programs ======================
    .
    Adobe Acrobat 8 Standard
    Adobe Acrobat 6.0 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Standard
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 6.0
    Adobe Reader 7.0.5
    Adobe SVG Viewer
    aiofw
    aioprnt
    aioscnnr
    Anti-Twin (Installation 05/09/2011)
    Apple Application Support
    ArcSoft Panorama Maker 5
    ArcSoft PhotoStudio 5.5
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoCAD 2000
    AutoCAD 2000 Migration Assistance
    AutoUpdate
    avast! Pro Antivirus
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    C4USelfUpdater
    Canon Camera WIA Driver
    Canon Camera WIA Driver 6.2.5
    Canon CanoScan Toolbox 4.6
    CD/DVD Drive Acoustic Silencer
    center
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Dropbox
    DVD-RAM Driver
    Encom Compass Scout
    Encom Discover 9.0
    ESRI ArcExplorer 2.0
    Free Window Registry Repair
    Garmin Trip and Waypoint Manager v4
    Geosoft Plug-In for MapInfo
    Google Earth
    Google Update Helper
    GPSBabel 1.4.2
    GPSU version 5.00
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB894871)
    Hotfix for Windows XP (KB895200)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel PROSet Wireless
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 23
    KODAK AiO Home Center
    ksDIP
    LSI V92 MOH Application
    Manual CanoScan 4200F
    MapImagery
    MapInfo Professional 8.0
    MapInfo Professional Data
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MouseWare 9.60
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0 (x86 en-US)
    mProSafe
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4SP2
    mWlsSafe
    NDAS Software 3.61.2056
    Nikon Message Center 2
    OmniPage SE 2.0
    OpenOffice.org 3.0
    PreReq
    Protector Suite 5.4
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.91
    SD Secure Module
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    SES Driver
    Skype™ 6.0
    SMSC IrCC V5.1.3600.9
    Soap 3.0 Toolkit
    Sonic DLA
    Sonic RecordNow!
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility
    TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    Toshiba Tbiosdrv Driver
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Zooming Utility
    UFile 2009
    UFile 2010
    UFile 2011
    UFile Updater 2010
    UFile Updater 2011
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.6195
    ViewNX 2
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD SmartWare
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884018
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893056
    Winmail Reader 1.1.12
    WinZip 15.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    30/12/2012 3:15:35 AM, error: NetDDE [206] - Listen failed: 09: No resource was available.
    30/12/2012 1:43:22 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    29/12/2012 3:21:37 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 0 while adding node name to network: 0x23
    29/12/2012 3:21:37 PM, error: NetDDE [206] - Listen failed: 01: An illegal buffer length was supplied.
    29/12/2012 2:10:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D2BA716E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    29/12/2012 12:19:03 PM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 340 (0x154).
    28/12/2012 3:30:33 PM, error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The system cannot find the file specified.
    28/12/2012 3:30:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net.Tcp Port Sharing Service service to connect.
    28/12/2012 3:30:33 PM, error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    26/12/2012 7:35:27 PM, error: NetDDE [211] - NetBIOS Adapter Status Query on Lana number 0 failed: 0x23
    26/12/2012 1:45:25 PM, error: NetDDE [213] - Unknown Error Code returned by Lana number 1 while adding node name to network: 0x23
    26/12/2012 1:37:33 PM, error: Service Control Manager [7024] - The Messenger service terminated with service-specific error 2270 (0x8DE).
    26/12/2012 1:37:19 PM, error: NetDDE [206] - Listen failed: 15:
    26/12/2012 1:37:11 PM, error: NetDDE [206] - Listen failed: 08: The session number was out of range.
    24/12/2012 4:28:31 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
    23/12/2012 4:55:14 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net

    Rootkit scan 2012-12-30 22:45:42

    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7DP

    Running: 4bbgjohu.exe; Driver: C:\DOCUME~1\HENDRI~1\LOCALS~1\Temp\pwlcipoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA959F4BA]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA96C4C22]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA959FED6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA95E1811]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA95AAFA8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA95AAFF4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA95AB176]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA95E11C5]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA95AAF16]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA95AB038]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA95AAF5E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA95A011C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA95AB130]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA95A093E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA959F508]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA95E1ED7]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA95E218D]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA95A41C2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA95E1D42]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA95E1BAD]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA96C4CEA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA959F170]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA959F556]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA95A4534]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA95A13A6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA95AAFD2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA95AB016]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA95AB19A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA95E1521]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA95AAF3C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA95A3C3E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA95AB0BA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA95AAF86]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA95A3F14]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA95AB154]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA96C4E4A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA95E1A28]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA95A1272]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA95E187A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA95A0DD4]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA96D17D2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA95E0838]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA959F5A4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA959F5F2]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA95A07BE]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA959F1FA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA959F3AA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA95E1FDE]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA959F350]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA95A0AF8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA95A0C54]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA959F41A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA95A04D4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA95A0636]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA96C341C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA959F640]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA959FF1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA96DDE56]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 1C2 804E4A1C 4 Bytes JMP DAA96C4C

    .text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [A4, F5, 59, A9, F2, F5, 59, ...]

    .text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [F8, 0A, 5A, A9, 54, 0C, 5A, ...] {CLC ; OR BL, [EDX-0x57]; PUSH ESP; OR AL, 0x5a; TEST EAX, 0xa959f41a}

    PAGE ntoskrnl.exe!ObInsertObject 8056DBBF 5 Bytes JMP A96DC810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80576BAE 4 Bytes CALL A95A1A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058C938 7 Bytes JMP A96DDE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E38C6 5 Bytes JMP A96DACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    .text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP A95A5B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFreeUserMem + 35D0 BF80CAA1 5 Bytes JMP A95A5A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP A95A59F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11F0 BF81C962 5 Bytes JMP A95A50A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP A95A47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP A95A5CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP A95A58FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP A95A5EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP A95A4834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP A95A4688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMulDiv + B5F2 BF8670A0 5 Bytes JMP A95A5090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP A95A4C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 4 Bytes JMP A95A4EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP A95A5A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetCurrentCodePage + 35FB BF894195 5 Bytes JMP A95A4CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP A95A4E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGetLastError + 1606 BF8B1EF6 5 Bytes JMP A95A5182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP A95A5BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 33F7 BF8BA1A0 5 Bytes JMP A95A516A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP A95A4670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP A95A5E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 4 Bytes JMP A95A4944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP A95A4A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP A95A4B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + B223 BF8F5689 5 Bytes JMP A95A50C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP A95A456A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP A95A4760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP A95A48F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP A95A4FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP A95A5D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\agrsmsvc.exe[264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\agrsmsvc.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\alg.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\alg.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\HP SimpleSave Application\uUACTokenSvc.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\RAMASST.exe[428] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\system32\RAMASST.exe[428] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[616] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\Explorer.EXE[680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\Explorer.EXE[680] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\clipsrv.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\clipsrv.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\WINDOWS\system32\TPSMain.exe[836] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00B31014

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00B30804

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00B30A08

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00B30C0C

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00B30E10

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00B301F8

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00B303FC

    .text C:\WINDOWS\system32\TPSMain.exe[836] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00B30600

    .text C:\WINDOWS\System32\smss.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\ltmoh\Ltmoh.exe[872] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\TPSBattM.exe[900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\system32\TPSBattM.exe[900] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[932] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\csrss.exe[944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\csrss.exe[944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\winlogon.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\winlogon.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\services.exe[1032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\lsass.exe[1052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\lsass.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\thpsrv.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\thpsrv.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[1288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\Ati2evxx.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\spoolsv.exe[1352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\spoolsv.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\DVDRAMSV.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\DVDRAMSV.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE[1480] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[1500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[1500] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\WINDOWS\RTHDCPL.EXE[1572] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 02561014

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 02560804

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 02560A08

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 02560C0C

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 02560E10

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 025601F8

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 025603FC

    .text C:\WINDOWS\RTHDCPL.EXE[1572] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 02560600

    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01060A08

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01060804

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01060600

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 010601F8

    .text C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE[1712] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 010603FC

    .text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1824] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002C01F8

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002C03FC

    .text C:\WINDOWS\system32\ctfmon.exe[1916] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 009B1014

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 009B0804

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 009B0A08

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 009B0C0C

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 009B0E10

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 009B01F8

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 009B03FC

    .text C:\WINDOWS\system32\ctfmon.exe[1916] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 009B0600

    .text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Bonjour\mDNSResponder.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Bonjour\mDNSResponder.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\netdde.exe[1968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\netdde.exe[1968] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2120] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Java\jre7\bin\jqs.exe[2172] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Java\jre7\bin\jqs.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndassvc.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndassvc.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\Program Files\NDAS\System\ndasmgmt.exe[2580] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

    .text C:\Documents and Settings\H\Application Data\Dropbox\bin\Dropbox.exe[2804] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

    .text C:\WINDOWS\System32\svchost.exe[2844] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\svchost.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2868] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 01280A08

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01280804

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01280600

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 012801F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 012803FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DF1014

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DF0804

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DF0A08

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DF0C0C

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DF0E10

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DF01F8

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DF03FC

    .text C:\Program Files\Protector Suite QL\psqltray.exe[2944] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DF0600

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\WinZip\WZQKPICK.EXE[2976] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003801F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003803FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01131014

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01130804

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01130A08

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01130C0C

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01130E10

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 011301F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 011303FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3000] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01130600

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[3060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\WINDOWS\system32\svchost.exe[3060] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 008E1014

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 008E0804

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 008E0A08

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 008E0C0C

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 008E0E10

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 008E01F8

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 008E03FC

    .text C:\WINDOWS\system32\svchost.exe[3060] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 008E0600

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\WINDOWS\system32\ThpSrv.exe[3084] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01931014

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01930804

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01930A08

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01930C0C

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01930E10

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 019301F8

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 019303FC

    .text C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe[3100] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01930600

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE[3184] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002A01F8

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002A03FC

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00711014

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00710804

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00710A08

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00710C0C

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00710E10

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 007101F8

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 007103FC

    .text C:\WINDOWS\system32\wdfmgr.exe[3188] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00710600

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002B01F8

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\WINDOWS\System32\vssvc.exe[3244] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002B03FC

    .text C:\WINDOWS\System32\vssvc.exe[3244] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003F1014

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003F0804

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003F0A08

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003F0C0C

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003F0E10

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003F01F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003F03FC

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003F0600

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00AA0A08

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00AA0804

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00AA0600

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00AA01F8

    .text C:\Documents and Settings\H\Desktop\4bbgjohu.exe[3248] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 00AA03FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 01751014

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 01750804

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 01750A08

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 01750C0C

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 01750E10

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 017501F8

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 017503FC

    .text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3520] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 01750600

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 04DB1014

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 04DB0804

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 04DB0A08

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 04DB0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 04DB0E10

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 04DB01F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 04DB03FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3592] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 04DB0600

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3612] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00DC1014

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00DC0804

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00DC0A08

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00DC0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00DC0E10

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 00DC01F8

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 00DC03FC

    .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3660] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00DC0600

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003601F8

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003603FC

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3672] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 002701F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 002703FC

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 02760A08

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 02760804

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 02760600

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 027601F8

    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 027603FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003701F8

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003703FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC

    .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe[3840] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    Device ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

    Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)

    Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    Device A5ADBC8A

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs A5B30400

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    Device ndasrofs.sys (NDAS RO File System Driver/XIMETA, Inc.)

    ---- Files - GMER 1.0.15 ----

    File C:\avast! sandbox 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\C 0 bytes

    File C:\avast! sandbox\S-1-5-21-1553018746-3710091088-2946514685-1005\sfzone\snx_fs.dat 180 bytes

    File C:\avast! sandbox\snx_rhive 1310720 bytes

    File C:\avast! sandbox\snx_rhive.LOG 1024 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    nothing obvious but some strange readings

    see what this shows & fixes

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  6. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    tdss scan found nothing

    14:14:42.0296 4520 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    14:14:42.0312 4520 ============================================================
    14:14:42.0312 4520 Current date / time: 2012/12/31 14:14:42.0312
    14:14:42.0312 4520 SystemInfo:
    14:14:42.0312 4520
    14:14:42.0312 4520 OS Version: 5.1.2600 ServicePack: 2.0
    14:14:42.0312 4520 Product type: Workstation
    14:14:42.0312 4520 ComputerName: HVGS2007
    14:14:42.0312 4520 UserName: Hendrik Veldhuyzen
    14:14:42.0312 4520 Windows directory: C:\WINDOWS
    14:14:42.0312 4520 System windows directory: C:\WINDOWS
    14:14:42.0312 4520 Processor architecture: Intel x86
    14:14:42.0312 4520 Number of processors: 2
    14:14:42.0312 4520 Page size: 0x1000
    14:14:42.0312 4520 Boot type: Normal boot
    14:14:42.0312 4520 ============================================================
    14:14:44.0578 4520 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    14:14:44.0625 4520 ============================================================
    14:14:44.0625 4520 \Device\Harddisk0\DR0:
    14:14:44.0625 4520 MBR partitions:
    14:14:44.0625 4520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD863FED
    14:14:44.0625 4520 ============================================================
    14:14:44.0625 4520 C: <-> \Device\Harddisk0\DR0\Partition1
    14:14:44.0625 4520 ============================================================
    14:14:44.0625 4520 Initialize success
    14:14:44.0625 4520 ============================================================
    14:16:08.0296 6080 ============================================================
    14:16:08.0296 6080 Scan started
    14:16:08.0296 6080 Mode: Manual;
    14:16:08.0296 6080 ============================================================
    14:16:09.0093 6080 ================ Scan system memory ========================
    14:16:13.0218 6080 System memory - ok
    14:16:13.0218 6080 ================ Scan services =============================
    14:16:13.0750 6080 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    14:16:13.0750 6080 Aavmker4 - ok
    14:16:13.0750 6080 Abiosdsk - ok
    14:16:13.0781 6080 abp480n5 - ok
    14:16:14.0031 6080 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    14:16:14.0093 6080 ACDaemon - ok
    14:16:14.0218 6080 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:16:14.0312 6080 ACPI - ok
    14:16:14.0343 6080 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    14:16:14.0359 6080 ACPIEC - ok
    14:16:14.0359 6080 adpu160m - ok
    14:16:14.0468 6080 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
    14:16:14.0546 6080 aec - ok
    14:16:14.0640 6080 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    14:16:14.0703 6080 AFD - ok
    14:16:14.0750 6080 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
    14:16:14.0765 6080 AgereModemAudio - ok
    14:16:15.0390 6080 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    14:16:15.0953 6080 AgereSoftModem - ok
    14:16:15.0968 6080 Aha154x - ok
    14:16:15.0968 6080 aic78u2 - ok
    14:16:15.0968 6080 aic78xx - ok
    14:16:16.0000 6080 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    14:16:16.0000 6080 Alerter - ok
    14:16:16.0046 6080 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
    14:16:16.0078 6080 ALG - ok
    14:16:16.0078 6080 AliIde - ok
    14:16:17.0000 6080 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    14:16:17.0890 6080 Ambfilt - ok
    14:16:17.0890 6080 amsint - ok
    14:16:17.0984 6080 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    14:16:18.0046 6080 AppMgmt - ok
    14:16:18.0125 6080 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    14:16:18.0156 6080 Arp1394 - ok
    14:16:18.0156 6080 asc - ok
    14:16:18.0171 6080 asc3350p - ok
    14:16:18.0171 6080 asc3550 - ok
    14:16:18.0390 6080 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    14:16:18.0468 6080 aspnet_state - ok
    14:16:18.0515 6080 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    14:16:18.0515 6080 aswFsBlk - ok
    14:16:18.0578 6080 [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd C:\WINDOWS\system32\drivers\aswKbd.sys
    14:16:18.0578 6080 aswKbd - ok
    14:16:18.0671 6080 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    14:16:18.0703 6080 aswMon2 - ok
    14:16:18.0781 6080 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
    14:16:18.0796 6080 aswRdr - ok
    14:16:19.0218 6080 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    14:16:19.0578 6080 aswSnx - ok
    14:16:19.0796 6080 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    14:16:19.0968 6080 aswSP - ok
    14:16:20.0015 6080 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    14:16:20.0046 6080 aswTdi - ok
    14:16:20.0062 6080 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:16:20.0078 6080 AsyncMac - ok
    14:16:20.0156 6080 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:16:20.0156 6080 atapi - ok
    14:16:20.0171 6080 Atdisk - ok
    14:16:20.0406 6080 [ C4B5144443A368741E6427FAA44C5491 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    14:16:20.0609 6080 Ati HotKey Poller - ok
    14:16:21.0390 6080 [ 221F0A33229CCE7BF2F7640D3BB8845D ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    14:16:22.0171 6080 ati2mtag - ok
    14:16:22.0234 6080 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:16:22.0265 6080 Atmarpc - ok
    14:16:22.0328 6080 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    14:16:22.0343 6080 AudioSrv - ok
    14:16:22.0390 6080 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:16:22.0390 6080 audstub - ok
    14:16:22.0515 6080 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    14:16:22.0515 6080 avast! Antivirus - ok
    14:16:22.0765 6080 [ 68B86DD9D455A6A8DE6D13C84FB5CE31 ] BackupService C:\Documents and Settings\Hendrik Veldhuyzen\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
    14:16:22.0812 6080 BackupService - ok
    14:16:22.0843 6080 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    14:16:22.0843 6080 Beep - ok
    14:16:23.0078 6080 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
    14:16:23.0281 6080 BITS - ok
    14:16:23.0484 6080 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    14:16:23.0609 6080 Bonjour Service - ok
    14:16:23.0687 6080 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
    14:16:23.0734 6080 Browser - ok
    14:16:23.0765 6080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:16:23.0781 6080 cbidf2k - ok
    14:16:23.0781 6080 cd20xrnt - ok
    14:16:23.0812 6080 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:16:23.0843 6080 Cdaudio - ok
    14:16:23.0890 6080 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    14:16:23.0921 6080 Cdfs - ok
    14:16:23.0953 6080 [ 351735695E9EAD93DE6AF85D8BEB1CA8 ] cdrbsdrv C:\WINDOWS\system32\drivers\cdrbsdrv.sys
    14:16:23.0968 6080 cdrbsdrv - ok
    14:16:24.0031 6080 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:16:24.0046 6080 Cdrom - ok
    14:16:24.0171 6080 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    14:16:24.0187 6080 CFSvcs - ok
    14:16:24.0203 6080 Changer - ok
    14:16:24.0234 6080 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
    14:16:24.0250 6080 CiSvc - ok
    14:16:24.0265 6080 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    14:16:24.0281 6080 ClipSrv - ok
    14:16:24.0437 6080 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:16:24.0578 6080 clr_optimization_v2.0.50727_32 - ok
    14:16:24.0671 6080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:16:24.0812 6080 clr_optimization_v4.0.30319_32 - ok
    14:16:24.0843 6080 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    14:16:24.0859 6080 CmBatt - ok
    14:16:24.0859 6080 CmdIde - ok
    14:16:24.0906 6080 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    14:16:24.0906 6080 Compbatt - ok
    14:16:24.0906 6080 COMSysApp - ok
    14:16:24.0921 6080 Cpqarray - ok
    14:16:25.0000 6080 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    14:16:25.0031 6080 CryptSvc - ok
    14:16:25.0031 6080 dac2w2k - ok
    14:16:25.0031 6080 dac960nt - ok
    14:16:25.0296 6080 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    14:16:25.0500 6080 DcomLaunch - ok
    14:16:25.0593 6080 [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    14:16:25.0640 6080 Dhcp - ok
    14:16:25.0671 6080 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    14:16:25.0687 6080 Disk - ok
    14:16:25.0750 6080 [ EE4325BECEF51B8C32B4329097E4F301 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    14:16:25.0765 6080 DLABOIOM - ok
    14:16:25.0765 6080 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    14:16:25.0765 6080 DLACDBHM - ok
    14:16:25.0796 6080 [ 1E6C6597833A04C2157BE7B39EA92CE1 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
    14:16:25.0796 6080 DLADResN - ok
    14:16:25.0859 6080 [ 752376E109A090970BFA9722F0F40B03 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    14:16:25.0890 6080 DLAIFS_M - ok
    14:16:25.0921 6080 [ 62EE7902E74B90BF1CCC4643FC6C07A7 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    14:16:25.0937 6080 DLAOPIOM - ok
    14:16:25.0937 6080 [ 5C220124C5AFEAEE84A9BB89D685C17B ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    14:16:25.0937 6080 DLAPoolM - ok
    14:16:25.0968 6080 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    14:16:25.0968 6080 DLARTL_N - ok
    14:16:26.0031 6080 [ 4EBB78D9BBF072119363B35B9B3E518F ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    14:16:26.0078 6080 DLAUDFAM - ok
    14:16:26.0125 6080 [ 333B770E52D2CEA7BD86391120466E43 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    14:16:26.0156 6080 DLAUDF_M - ok
    14:16:26.0171 6080 dmadmin - ok
    14:16:26.0625 6080 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    14:16:27.0031 6080 dmboot - ok
    14:16:27.0125 6080 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    14:16:27.0203 6080 dmio - ok
    14:16:27.0234 6080 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    14:16:27.0234 6080 dmload - ok
    14:16:27.0296 6080 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
    14:16:27.0312 6080 dmserver - ok
    14:16:27.0359 6080 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    14:16:27.0390 6080 DMusic - ok
    14:16:27.0453 6080 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    14:16:27.0484 6080 Dnscache - ok
    14:16:27.0484 6080 dpti2o - ok
    14:16:27.0500 6080 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    14:16:27.0515 6080 drmkaud - ok
    14:16:27.0562 6080 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    14:16:27.0609 6080 DRVMCDB - ok
    14:16:27.0640 6080 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    14:16:27.0656 6080 DRVNDDM - ok
    14:16:27.0750 6080 [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
    14:16:27.0812 6080 DVD-RAM_Service - ok
    14:16:27.0937 6080 [ E1FA10ED8F9F700C1BE1EAE05A80EF57 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    14:16:28.0015 6080 e1express - ok
    14:16:28.0062 6080 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
    14:16:28.0078 6080 ERSvc - ok
    14:16:28.0156 6080 [ 4712531AB7A01B7EE059853CA17D39BD ] Eventlog C:\WINDOWS\system32\services.exe
    14:16:28.0234 6080 Eventlog - ok
    14:16:28.0390 6080 [ A4AB3DCA4A383F0DF4988ABDEB84F9A4 ] EventSystem C:\WINDOWS\system32\es.dll
    14:16:28.0515 6080 EventSystem - ok
    14:16:29.0046 6080 [ 53CCA6B4DF0977074E85C9A18F42B5CC ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    14:16:29.0515 6080 EvtEng - ok
    14:16:29.0625 6080 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    14:16:29.0687 6080 Fastfat - ok
    14:16:29.0796 6080 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    14:16:29.0875 6080 FastUserSwitchingCompatibility - ok
    14:16:29.0890 6080 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    14:16:29.0906 6080 Fdc - ok
    14:16:29.0984 6080 [ 3314F3134AC59771A133A0CD3D343FFF ] FdRedir C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
    14:16:30.0000 6080 FdRedir - ok
    14:16:30.0031 6080 [ 7B33F094A7A42A0225C344F5B25B1B05 ] FileDisk2 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
    14:16:30.0046 6080 FileDisk2 - ok
    14:16:30.0093 6080 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    14:16:30.0109 6080 Fips - ok
    14:16:30.0546 6080 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    14:16:30.0546 6080 FLEXnet Licensing Service - ok
    14:16:30.0562 6080 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    14:16:30.0578 6080 Flpydisk - ok
    14:16:30.0671 6080 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    14:16:30.0718 6080 FltMgr - ok
    14:16:30.0828 6080 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    14:16:30.0859 6080 FontCache3.0.0.0 - ok
    14:16:30.0921 6080 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:16:30.0921 6080 Fs_Rec - ok
    14:16:31.0000 6080 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:16:31.0046 6080 Ftdisk - ok
    14:16:31.0078 6080 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:16:31.0093 6080 Gpc - ok
    14:16:31.0156 6080 [ CD007D03A9284BFE67D49C01213132BF ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
    14:16:31.0156 6080 grmnusb - ok
    14:16:31.0328 6080 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b92f7886483c C:\Program Files\Google\Update\GoogleUpdate.exe
    14:16:31.0390 6080 gupdate1c9b92f7886483c - ok
    14:16:31.0468 6080 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    14:16:31.0468 6080 gupdatem - ok
    14:16:31.0546 6080 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    14:16:31.0625 6080 HDAudBus - ok
    14:16:31.0703 6080 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    14:16:31.0734 6080 helpsvc - ok
    14:16:31.0781 6080 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll
    14:16:31.0796 6080 HidServ - ok
    14:16:31.0843 6080 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:16:31.0859 6080 HidUsb - ok
    14:16:31.0859 6080 hpn - ok
    14:16:31.0921 6080 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    14:16:31.0953 6080 HPZid412 - ok
    14:16:31.0984 6080 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    14:16:32.0000 6080 HPZipr12 - ok
    14:16:32.0015 6080 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    14:16:32.0031 6080 HPZius12 - ok
    14:16:32.0218 6080 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    14:16:32.0359 6080 HTTP - ok
    14:16:32.0421 6080 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    14:16:32.0437 6080 HTTPFilter - ok
    14:16:32.0437 6080 i2omgmt - ok
    14:16:32.0437 6080 i2omp - ok
    14:16:32.0500 6080 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:16:32.0531 6080 i8042prt - ok
    14:16:32.0656 6080 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    14:16:32.0703 6080 IDriverT - ok
    14:16:33.0015 6080 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:16:33.0281 6080 idsvc - ok
    14:16:33.0328 6080 [ 0B556E950404D90D097C687E65238730 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
    14:16:33.0343 6080 IFXTPM - ok
    14:16:33.0390 6080 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:16:33.0421 6080 Imapi - ok
    14:16:33.0515 6080 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
    14:16:33.0562 6080 ImapiService - ok
    14:16:33.0578 6080 ini910u - ok
    14:16:36.0171 6080 [ FFF40B71C4845188A2CB2DFBC480B855 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    14:16:36.0203 6080 IntcAzAudAddService - ok
    14:16:36.0218 6080 IntelIde - ok
    14:16:36.0250 6080 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:16:36.0281 6080 intelppm - ok
    14:16:36.0328 6080 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    14:16:36.0343 6080 Ip6Fw - ok
    14:16:36.0375 6080 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:16:36.0390 6080 IpFilterDriver - ok
    14:16:36.0421 6080 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:16:36.0421 6080 IpInIp - ok
    14:16:36.0500 6080 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:16:36.0562 6080 IpNat - ok
    14:16:36.0609 6080 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:16:36.0640 6080 IPSec - ok
    14:16:36.0718 6080 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
    14:16:36.0750 6080 irda - ok
    14:16:36.0781 6080 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:16:36.0781 6080 IRENUM - ok
    14:16:36.0828 6080 [ 64F4D0BFB317EC15E8F35F92A6BFC54E ] Irmon C:\WINDOWS\System32\irmon.dll
    14:16:36.0843 6080 Irmon - ok
    14:16:36.0906 6080 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:16:36.0921 6080 isapnp - ok
    14:16:36.0937 6080 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
    14:16:36.0953 6080 Iviaspi - ok
    14:16:37.0234 6080 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    14:16:37.0328 6080 JavaQuickStarterService - ok
    14:16:37.0343 6080 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:16:37.0359 6080 Kbdclass - ok
    14:16:37.0421 6080 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    14:16:37.0421 6080 kbdhid - ok
    14:16:37.0546 6080 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    14:16:37.0546 6080 kmixer - ok
    14:16:37.0812 6080 [ 1A8D8CB042E2724385227F1A19A8DECC ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    14:16:37.0953 6080 Kodak AiO Network Discovery Service - ok
    14:16:38.0046 6080 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    14:16:38.0093 6080 KSecDD - ok
    14:16:38.0171 6080 [ 166C7266F8CC653FC252486A46877390 ] l8042pr2 C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
    14:16:38.0203 6080 l8042pr2 - ok
    14:16:38.0281 6080 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    14:16:38.0343 6080 lanmanserver - ok
    14:16:38.0453 6080 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    14:16:38.0515 6080 lanmanworkstation - ok
    14:16:38.0593 6080 [ 419590EBE7855215BB157EA0CF0D0531 ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
    14:16:38.0625 6080 Lbd - ok
    14:16:38.0625 6080 lbrtfdc - ok
    14:16:38.0812 6080 [ F02AAC87C4AD651A44C55BB92048500B ] lfsfilt C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
    14:16:38.0953 6080 lfsfilt - ok
    14:16:39.0000 6080 [ A1577A20EB5C1859C79EC643ECED6F6F ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.sys
    14:16:39.0015 6080 LHidFlt2 - ok
    14:16:39.0046 6080 [ 8CBC68215E5B3B92566B10A3C23D5102 ] LKbdFlt2 C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
    14:16:39.0046 6080 LKbdFlt2 - ok
    14:16:39.0093 6080 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    14:16:39.0109 6080 LmHosts - ok
    14:16:39.0187 6080 [ 6A62A0409BBF276CC46B560D0A83D376 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
    14:16:39.0218 6080 LMouFlt2 - ok
    14:16:39.0343 6080 [ FA8828EF4EDCD5514A010B9082795FFA ] lpx C:\WINDOWS\system32\DRIVERS\lpx.sys
    14:16:39.0390 6080 lpx - ok
    14:16:39.0453 6080 [ 7EFAC183A25B30FB5D64CC9D484B1EB6 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
    14:16:39.0500 6080 meiudf - ok
    14:16:39.0546 6080 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    14:16:39.0562 6080 Messenger - ok
    14:16:39.0609 6080 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    14:16:39.0609 6080 mnmdd - ok
    14:16:39.0640 6080 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    14:16:39.0656 6080 mnmsrvc - ok
    14:16:39.0703 6080 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    14:16:39.0718 6080 Modem - ok
    14:16:40.0656 6080 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
    14:16:41.0531 6080 Monfilt - ok
    14:16:41.0578 6080 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:16:41.0593 6080 Mouclass - ok
    14:16:41.0640 6080 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:16:41.0640 6080 mouhid - ok
    14:16:41.0687 6080 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    14:16:41.0703 6080 MountMgr - ok
    14:16:41.0812 6080 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    14:16:41.0859 6080 MozillaMaintenance - ok
    14:16:41.0875 6080 mraid35x - ok
    14:16:41.0984 6080 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:16:42.0062 6080 MRxDAV - ok
    14:16:42.0515 6080 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:16:42.0718 6080 MRxSmb - ok
    14:16:42.0765 6080 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    14:16:42.0781 6080 MSDTC - ok
    14:16:42.0828 6080 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    14:16:42.0843 6080 Msfs - ok
    14:16:42.0843 6080 MSIServer - ok
    14:16:42.0875 6080 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:16:42.0875 6080 MSKSSRV - ok
    14:16:42.0890 6080 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:16:42.0890 6080 MSPCLOCK - ok
    14:16:42.0906 6080 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    14:16:42.0906 6080 MSPQM - ok
    14:16:42.0937 6080 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:16:42.0953 6080 mssmbios - ok
    14:16:43.0015 6080 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    14:16:43.0062 6080 Mup - ok
    14:16:43.0531 6080 [ A7CD17E33424F6525E3AB7052D832DBC ] ndasbus C:\WINDOWS\system32\DRIVERS\ndasbus.sys
    14:16:43.0718 6080 ndasbus - ok
    14:16:43.0953 6080 [ FA56687905BAE83CD911688DB29AF7E1 ] ndasfat C:\WINDOWS\system32\DRIVERS\ndasfat.sys
    14:16:44.0187 6080 ndasfat - ok
    14:16:44.0578 6080 [ A1C79634D06A9DE1146730DC5D9535E4 ] ndasfs C:\WINDOWS\system32\DRIVERS\ndasfs.sys
    14:16:44.0734 6080 ndasfs - ok
    14:16:45.0140 6080 [ 65FB3697B31B2966F941E90E726CEE83 ] ndasrofs C:\WINDOWS\system32\DRIVERS\ndasrofs.sys
    14:16:45.0703 6080 ndasrofs - ok
    14:16:45.0937 6080 [ D2C148B2B064EF02EB5BD927B06EF5E6 ] ndasscsi C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
    14:16:46.0125 6080 ndasscsi - ok
    14:16:46.0484 6080 [ D92BB3E9CDF6D03B2905F8CFD2CDED3C ] ndassvc C:\Program Files\NDAS\System\ndassvc.exe
    14:16:46.0625 6080 ndassvc - ok
    14:16:46.0718 6080 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    14:16:46.0812 6080 NDIS - ok
    14:16:46.0843 6080 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:16:46.0859 6080 NdisTapi - ok
    14:16:46.0875 6080 [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:16:46.0875 6080 Ndisuio - ok
    14:16:46.0921 6080 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:16:46.0968 6080 NdisWan - ok
    14:16:47.0000 6080 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    14:16:47.0031 6080 NDProxy - ok
    14:16:47.0078 6080 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    14:16:47.0109 6080 Net Driver HPZ12 - ok
    14:16:47.0140 6080 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:16:47.0156 6080 NetBIOS - ok
    14:16:47.0265 6080 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:16:47.0343 6080 NetBT - ok
    14:16:47.0406 6080 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
    14:16:47.0453 6080 NetDDE - ok
    14:16:47.0500 6080 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    14:16:47.0500 6080 NetDDEdsdm - ok
    14:16:47.0531 6080 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
    14:16:47.0546 6080 Netdevio - ok
    14:16:47.0593 6080 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
    14:16:47.0609 6080 Netlogon - ok
    14:16:47.0718 6080 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll
    14:16:47.0718 6080 Netman - ok
    14:16:47.0828 6080 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    14:16:47.0921 6080 NetTcpPortSharing - ok
    14:16:50.0093 6080 [ CCDB8DB66ACD3C0A6C8E171B79F60AC4 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    14:16:52.0187 6080 NETw5x32 - ok
    14:16:52.0234 6080 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    14:16:52.0265 6080 NIC1394 - ok
    14:16:52.0421 6080 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
    14:16:52.0437 6080 Nla - ok
    14:16:52.0500 6080 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    14:16:52.0515 6080 Npfs - ok
    14:16:52.0843 6080 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    14:16:53.0109 6080 Ntfs - ok
    14:16:53.0125 6080 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    14:16:53.0125 6080 NtLmSsp - ok
    14:16:53.0343 6080 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    14:16:53.0484 6080 NtmsSvc - ok
    14:17:15.0375 6080 ============================================================
    14:17:15.0375 6080 Scan finished
    14:17:15.0375 6080 ============================================================
    14:17:15.0421 4692 Detected object count: 0
    14:17:15.0421 4692 Actual detected object count: 0
    14:19:05.0734 5668 Deinitialize success
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Can other computers using the same router connect to all sites, or do they have problems with secure sites, or is it only this one computer having problems?
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Looking at the error messages, the first thing to do is update to XP SP3, which you should have been on years ago.

    Go here to download and save the full 316 MB SP3 upgrade.

    After it's been downloaded and saved, do the following:

    Double-click the saved SP3 upgrade file to start the upgrade process.

    It'll take 30 - 60 minutes or more to complete, so be patient.

    If you're not prompted to restart the computer after the upgrade is complete, do so.

    Restart the computer again.
     
  9. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    First, regarding the wireless router:

    1) There is another computer on the system and there are no problems encountered.

    2) I have installed all the Service Pack 3 and updates to my computer. At 3 hours 10 minutes I terminated the installation as it appeared to be hung up on the last cleaning the computer step (over 2 hours).

    I have no idea why Microsoft would not tell me I needed the Service pack 3 when I tried for updates?

    The Service pack is installed and all the updates were installed.

    I still can not submit data on this site (using another computer for this submission). It did solve my inability to get on secure web sites but has not solved my problem of sending emails.

    When using this site I time out before the message is sent, although after a long wait I could send an email.

    I called my ISP (who do not support Thunderbird). They suggested I change ports; no help. They suggested I complete a speed test. My download speed exceeded my ISP claimed connection rate.

    I could not get an upload connection.

    Suggestions?
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Is it just Thunderbird that has problems with mail, or does it still have problems when you use OE to set up an account & check for or send mail?
     
  11. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    No, I have tried to log in to Web Mail and look at saved messages. Result: over 12 minutes of waiting, nothing appeared, although the browser seemed to occasionally communicate with a site, but for most of the time the message at the bottom of the screen was waiting for ******. com site. I never did see my mail folder, nor could I get the web mail page, although I did get it yesterday once after a long wait.
     
  12. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    When the last message was sent, the browser went to "page unavailable connection reset". There was no indication the message had been successfully sent and I was still logged in to the site. I only discovered I was still logged in to the site and my message was submitted by using the back button.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    That is probably something to do with cookies being blocked, but might just be a malware problem or you blocking adverts so the browser never gets to the page.

    I can't guarantee we can fix it, but let's see what this does.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  14. lite_fingers

    lite_fingers Thread Starter

    Joined:
    Dec 30, 2012
    Messages:
    11
    After 5 tries (last try was left for several hours), all that I have recorded is as follows:

    creating registry backup
    checking startup
    checking modules

    Error: System was unable to find the specified key or value
    checking processes
    checking services
    checking files
    checking folders
    checking registry - Quick scan

    Error: The system was unable to find the specified registry key or value
    checking registry - deep scan
    Checking Internet Explorer

    Error: The system was unable to find the specified registry key or value

    No error log was created
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Turn off antivirus before trying to run it.
    Sometimes an AV will block tools from running.
     
Short URL to this thread: https://techguy.org/1082980
