BleepingComputer.com: Infected with a virus that disables all antivirus


Infected with a virus that disables all antivirus

#1 Ketty Loffer
Member, Group: Members, Posts: 19, Joined: 04-July 11

Posted 11 July 2011 - 05:12 PM

DDS Log

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 15:59:50 on 2011-07-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.1050 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pogoplug\PPDrive.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pogoplug\dokanmnt.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE
C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Pogoplug\PPFS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Pogoplug] "c:\program files\pogoplug\PPDRIVE.EXE"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9} : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\261636B6071636B6 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\265616E63716E6462627567737 : DhcpNameServer = 205.139.50.143 63.209.206.118
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\348696C646 : DhcpNameServer = 216.250.32.34 216.250.32.36
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\765737475627 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C4F66666978696A7A7F6573756 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737F5355435F51353437353 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0ly1t18e.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-10 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-10-10 194264]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-10-10 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-10-10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-10 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-10 54104]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-4-10 133944]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-4 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-7-4 121000]
R2 DokanCEDriver;DokanCEDriver;c:\program files\pogoplug\dokance.sys [2011-5-27 54592]
R2 DokanCEMounter;DokanCEMounter;c:\program files\pogoplug\dokanmnt.exe [2011-5-27 124736]
R2 HBAdmin;HBAdmin;c:\program files\pogoplug\hbplug\hbadmin.exe [2011-5-27 701248]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-5-14 14416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [2011-5-27 34624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2008-5-14 44344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-6 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-6 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-3-30 200704]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-30 1343400]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-07-11 04:10:56 -------- d-----w- c:\users\administrator\appdata\roaming\WinPatrol
2011-07-11 03:55:44 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-07-11 03:55:19 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 03:55:15 -------- d-----w- c:\programdata\Malwarebytes
2011-07-11 03:55:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-11 03:55:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-09 15:35:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-09 15:31:56 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com
2011-07-09 15:31:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 14:43:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{647f3cb6-81c3-40b0-b381-da9111f1c295}\mpengine.dll
2011-07-01 22:09:03 25984 ----a-w- c:\windows\system32\drivers\1186436690.sys
2011-06-30 18:26:34 -------- d-----w- c:\users\administrator\.pdfsam
2011-06-30 18:06:02 -------- d-----w- c:\program files\pdfsam
2011-06-29 15:43:29 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 15:43:22 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 15:43:22 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 15:43:21 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 15:43:21 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 15:43:20 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 15:43:20 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 15:43:20 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 15:43:19 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 15:43:19 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 16:19:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 15:52:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 15:52:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 15:52:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
==================== Find3M ====================
.
2011-07-07 15:07:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:37:33 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36:18 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-27 21:11:28 442688 ----a-w- c:\windows\system32\xceprnt.dll
2011-05-27 07:03:22 34624 ----a-w- c:\windows\system32\drivers\xcetap0.sys
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57:34 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57:21 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57:13 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56:06 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35:40 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2008-03-30 03:51:23 6958968 ----a-w- c:\program files\SFTPMSI.exe
.
============= FINISH: 16:08:57.05 ===============


My system keeps crashing while running GMER - but here is the log for GMER that I saved before it crashed.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-11 14:44:00
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS rev.3.CDD
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxdyipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CC20202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DEA8D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CC227F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CC22848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CC2295E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CC22746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CC22898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CC2279A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CC2290C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CC20226]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DEA8E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CC1FFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CC2024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CC22D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CC20CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CC22820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CC22870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CC22988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CC22772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CC228D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CC227C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CC22936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DEA8ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CC20BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CC2026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CC20292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CC2004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CC20186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CC20162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CC201AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CC202B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DEBE398]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C53569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C78092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82C7F824 4 Bytes [02, 02, C2, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82C7F84C 4 Bytes [8C, 8D, EA, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82C7F900 8 Bytes [F0, 27, C2, 8C, 48, 28, C2, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82C7F90C 4 Bytes [5E, 29, C2, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82C7F928 4 Bytes [46, 27, C2, 8C]
.text ...
? C:\Windows\System32\Drivers\1186436690.SYS Access is denied.
.text win32k.sys!EngMultiByteToUnicodeN + 7231 97C5987A 5 Bytes JMP 8CC23316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A1B 97C708AA 5 Bytes JMP 8CC23440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + C12F 97C9172E 5 Bytes JMP 8CC23E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3322 97CA4F4F 5 Bytes JMP 8CC22F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4027 97CA5C54 5 Bytes JMP 8CC23BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 177B 97CAB585 5 Bytes JMP 8CC23326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79DD 97CC7AE0 5 Bytes JMP 8CC22FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 86C4 97CC87C7 5 Bytes JMP 8CC22E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 92B4 97CC93B7 5 Bytes JMP 8CC23180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A5D0 97CE41B4 5 Bytes JMP 8CC23B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + C985 97CE6569 5 Bytes JMP 8CC22D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 97CEFBAD 5 Bytes JMP 8CC23BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5201 97CF4840 5 Bytes JMP 8CC24014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 97D07A52 5 Bytes JMP 8CC22E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AE86 97D1C7BF 5 Bytes JMP 8CC23BF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 9788 97D2FCBC 5 Bytes JMP 8CC230E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 97D37D9A 5 Bytes JMP 8CC23ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 97D4B815 5 Bytes JMP 8CC230AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 97D5B864 5 Bytes JMP 8CC23F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 97D8626F 5 Bytes JMP 8CC23008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C6C 97D8A27E 5 Bytes JMP 8CC2303E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 97D8CF34 5 Bytes JMP 8CC23D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6D0F 97D95C35 5 Bytes JMP 8CC22EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[472] kernel32.dll!SetUnhandledExceptionFilter 768E3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[472] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[532] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[532] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[532] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[532] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[532] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[532] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[532] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[532] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\wininit.exe[596] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[596] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[596] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\wininit.exe[596] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[596] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[604] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\services.exe[652] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3568] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3568] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3568] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3712] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3712] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 002A0A08
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 002A03FC
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 002A0804
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 002A01F8
.text C:\Windows\system32\svchost.exe[3712] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 002A0600
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[3936] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 001E0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 000903FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00090804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 000901F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!TrackPopupMenu 776A4B3B 5 Bytes JMP 5BC289D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4032] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[4492] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4492] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4492] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4536] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\wuauclt.exe[4536] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000B01F8
.text C:\Windows\system32\wuauclt.exe[4536] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4536] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\wuauclt.exe[4536] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\wuauclt.exe[4536] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00140804
.text C:\Windows\system32\wuauclt.exe[4536] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\wuauclt.exe[4536] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00140600
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] user32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] user32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] user32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 001F0804
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] user32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[4596] user32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4696] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00140600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4748] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00200600
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateFile + 6 77BD4876 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateFile + B 77BD487B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateKey + 6 77BD48B6 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateKey + B 77BD48BB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateMutant + 6 77BD48F6 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateMutant + B 77BD48FB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateSection + 6 77BD4996 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtCreateSection + B 77BD499B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtMapViewOfSection + B 77BD4EDB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenFile + 6 77BD4F86 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenFile + B 77BD4F8B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenKey + 6 77BD4FB6 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenKey + B 77BD4FBB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenKeyEx + B 77BD4FCB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenMutant + 6 77BD5006 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenMutant + B 77BD500B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcess + 6 77BD5036 1 Byte [68]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcess + 6 77BD5036 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcess + B 77BD503B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcessToken + 6 77BD5046 1 Byte [A8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcessToken + 6 77BD5046 4 Bytes [A8, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcessToken + B 77BD504B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcessTokenEx + 6 77BD5056 4 Bytes [68, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenProcessTokenEx + B 77BD505B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenSection + B 77BD507B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThread + 6 77BD50B6 1 Byte [28]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThread + 6 77BD50B6 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThread + B 77BD50BB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThreadToken + 6 77BD50C6 4 Bytes [28, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThreadToken + B 77BD50CB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThreadTokenEx + 6 77BD50D6 4 Bytes [A8, 04, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtOpenThreadTokenEx + B 77BD50DB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtQueryAttributesFile + 6 77BD51E6 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtQueryAttributesFile + B 77BD51EB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtQueryFullAttributesFile + B 77BD529B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtSetInformationFile + 6 77BD58E6 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtSetInformationFile + B 77BD58EB 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtSetInformationThread + 6 77BD5946 1 Byte [E8]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtSetInformationThread + B 77BD594B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtUnmapViewOfSection + 6 77BD5C66 4 Bytes [28, 05, 07, 00]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!NtUnmapViewOfSection + B 77BD5C6B 1 Byte [E2]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000803FC
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000801F8
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] kernel32.dll!CreateProcessW 7689202D 5 Bytes JMP 00010030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] kernel32.dll!CreateProcessA 76892062 5 Bytes JMP 00010070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!ActivateKeyboardLayout 7767817D 5 Bytes JMP 001204F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001803FC
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!RegisterClipboardFormatA 7767E6B1 5 Bytes JMP 001202F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!RegisterClipboardFormatW 7767EDFD 5 Bytes JMP 001202B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00180804
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001801F8
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!SetClipboardData 77694979 5 Bytes JMP 00120170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!EmptyClipboard 77694A28 5 Bytes JMP 00120130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardData 77694B47 5 Bytes JMP 00120030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!EnumClipboardFormats 77694D98 5 Bytes JMP 001201B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardFormatNameW 77697EB2 5 Bytes JMP 00120230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!SetClipboardViewer 77698F4D 5 Bytes JMP 001204B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardFormatNameA 77698F61 5 Bytes JMP 00120270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetOpenClipboardWindow 7769902F 1 Byte [E9]
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetOpenClipboardWindow 7769902F 5 Bytes JMP 001203F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!ChangeClipboardChain 776A3425 5 Bytes JMP 00120430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!CloseClipboard 776A5BA7 5 Bytes JMP 001200B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!OpenClipboard 776A5BB9 5 Bytes JMP 00120070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!IsClipboardFormatAvailable 776A5C3A 5 Bytes JMP 001200F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardSequenceNumber 776A5C4E 5 Bytes JMP 00120330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardOwner 776A5C60 5 Bytes JMP 00120370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!CountClipboardFormats 776A5DC9 5 Bytes JMP 001201F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00180600
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetClipboardViewer 776D4B57 5 Bytes JMP 00120470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] USER32.dll!GetPriorityClipboardFormat 776D4C59 5 Bytes JMP 001203B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SelectObject 777961D0 5 Bytes JMP 001305B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetTextColor 77796622 5 Bytes JMP 00130970
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetBkMode 777966CD 5 Bytes JMP 00130830
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!DeleteObject 777968B4 5 Bytes JMP 001301B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!DeleteDC 77796A2C 5 Bytes JMP 00130170
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!ExtSelectClipRgn 77796C72 5 Bytes JMP 001302F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SelectClipRgn 77796D84 5 Bytes JMP 00130570
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetDeviceCaps 77796E03 5 Bytes JMP 00130370
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetStretchBltMode 777973CE 5 Bytes JMP 001305F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetTextMetricsW 7779798F 5 Bytes JMP 00130D30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!IntersectClipRect 77797CCA 5 Bytes JMP 001303B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetTextAlign 77797F92 5 Bytes JMP 00130930
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!ExtTextOutW 77798053 5 Bytes JMP 001308B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetClipBox 777981F2 5 Bytes JMP 00130330
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!MoveToEx 77798A16 5 Bytes JMP 00130430
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!CreateDCA 77799975 5 Bytes JMP 001300B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!RestoreDC 77799A10 5 Bytes JMP 001304F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SaveDC 77799AD2 5 Bytes JMP 00130530
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!StretchDIBits 7779AC38 5 Bytes JMP 001306B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetTextFaceW 7779B4CC 5 Bytes JMP 00130C70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetFontData 7779B8E8 5 Bytes JMP 00130BB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!CreateDCW 7779BD21 5 Bytes JMP 001300F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!CreateICW 7779C660 5 Bytes JMP 00130130
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!LineTo 7779CA20 5 Bytes JMP 001303F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetWorldTransform 7779CB42 5 Bytes JMP 00130630
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetTextMetricsA 7779CE46 5 Bytes JMP 00130CF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!Rectangle 7779F5BE 5 Bytes JMP 001308F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetICMMode 7779F8D4 5 Bytes JMP 00130CB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!ExtTextOutA 777A0158 5 Bytes JMP 00130870
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!Escape 777A0B0D 5 Bytes JMP 00130270
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!ExtEscape 777A3472 5 Bytes JMP 001302B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetTextFaceA 777A3E49 5 Bytes JMP 00130C30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetPolyFillMode 777A6CE1 5 Bytes JMP 00130A70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SetMiterLimit 777A6E54 5 Bytes JMP 00130AB0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!ResetDCW 777B031C 5 Bytes JMP 001309F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!EndPage 777B07CD 5 Bytes JMP 00130230
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!GetGlyphOutlineW 777BC292 5 Bytes JMP 00130BF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!CreateScalableFontResourceW 777BE8EF 5 Bytes JMP 00130AF0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!AddFontResourceW 777BECEB 5 Bytes JMP 00130B30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!RemoveFontResourceW 777BF1E1 5 Bytes JMP 00130B70
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!AbortDoc 777C4D37 5 Bytes JMP 00130030
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!EndDoc 777C517E 5 Bytes JMP 001301F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!StartPage 777C5269 5 Bytes JMP 00130670
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!StartDocW 777C5BB6 5 Bytes JMP 00130730
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!BeginPath 777C635D 5 Bytes JMP 00130770
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!SelectClipPath 777C63B4 5 Bytes JMP 00130A30
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!CloseFigure 777C640F 5 Bytes JMP 00130070
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!EndPath 777C6466 5 Bytes JMP 001309B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!StrokePath 777C6699 5 Bytes JMP 001306F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!FillPath 777C6726 5 Bytes JMP 001307B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!PolylineTo 777C6B94 5 Bytes JMP 001304B0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!PolyBezierTo 777C6C25 5 Bytes JMP 00130470
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] GDI32.dll!PolyDraw 777C6CD7 5 Bytes JMP 001307F0
.text C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe[4804] ole32.dll!OleSetClipboard 7648F2FE 5 Bytes JMP 00150030
.text C:\Windows\system32\AUDIODG.EXE[5232] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] ntdll.dll!LdrUnloadDll 77BEBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] ntdll.dll!LdrLoadDll 77BEF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] USER32.dll!UnhookWindowsHookEx 7767CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] USER32.dll!UnhookWinEvent 7767D924 5 Bytes JMP 001403FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] USER32.dll!SetWindowsHookExW 7768210A 5 Bytes JMP 00140804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] USER32.dll!SetWinEventHook 7768507E 5 Bytes JMP 001401F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5440] USER32.dll!SetWindowsHookExA 776A6DFA 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[6032] kernel32.dll!GetBinaryTypeW + 70 768F7984 1 Byte [62]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1186436690 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@Start 3
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 917

Attached File(s)



#2 User is offline   HelpBot 

  • Bleepin' Binary Bot
  • Group: Bots
  • Posts: 5,607
  • Joined: 05-October 07
  • Gender:Male

Posted 29 July 2011 - 05:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408990 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.

  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.


Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 30 July 2011 - 08:07 AM

Hello Ketty Loffer, welcome to BC and sorry about the delay. :)


I need to see new logs for me to find out the current status of your computer. Please let me know if you made any changes or ran any other tools on your own.


:step1: Please run another scan with GMER.

  • Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO.
  • In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Now click on the Scan button and wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop.
  • Post the contents of that report when you reply.




:step2: Download OTL by OldTimer from one of the links below:


  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports, namely OTL.txt (which will be opened) and Extras.txt (which will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.




:step3: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" is Cure (please click on it and change it to Skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)
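GMER tags any SSDT entry that points outside the kernel image with "<-- ROOTKIT !!!", and security products such as the avast! drivers on this machine trigger that tag too, so reading a GMER log means attributing each hook to its owner before worrying about it. The script below is an added example, not a BleepingComputer or GMER tool: it parses the report line shapes seen in this thread, groups hooks by the vendor GMER attributed them to, and escalates only unattributed hooks, drivers GMER could not read, and drivers with an all-digit file name; the sample report is constructed to match the format of the log posted here.

```python
"""GMER 1.0.15 report triage (added example; not a BleepingComputer or GMER tool).

GMER prints one hook per line. Line shapes handled, following this thread's log:

  SSDT <driver> (<description>/<vendor>) <Zw function> [0x...] <-- ROOTKIT !!!
  Code <driver> (<description>/<vendor>) <function>
  PAGE ntkrnlpa.exe!Func + off ADDR N Bytes JMP TARGET <driver> (<description>/<vendor>)
  .text user32.dll!Func ADDR N Bytes [E9, ...] {JMP 0x...}              (no attribution)
  .text C:\\path\\proc.exe[PID] USER32.dll!Func ADDR N Bytes JMP TARGET  (no attribution)
  ? C:\\path\\driver.SYS Access is denied.

Hooks are grouped by the vendor GMER attributed them to; only hooks with no
attribution, unreadable drivers and all-digit driver names are escalated.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

HOOK_PREFIXES = ("SSDT", "Code", ".text", "PAGE", "INIT", "IAT")
# "<module>.sys (<description>/<vendor>)" anywhere in the line
ATTRIB_RE = re.compile(r"\.(?:sys|dll|exe)\s+\(([^()]*)\)", re.IGNORECASE)
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s*(.*)$")
NUMERIC_NAME_RE = re.compile(r"\\(\d+)\.sys$", re.IGNORECASE)


@dataclass
class Triage:
    attributed: dict[str, int] = field(default_factory=dict)  # vendor -> hook count
    unattributed: list[str] = field(default_factory=list)     # hook lines with no owning module
    unreadable: list[str] = field(default_factory=list)       # drivers GMER could not open
    numeric_drivers: list[str] = field(default_factory=list)  # all-digit names, e.g. 1186436690.SYS


def vendor_of(attribution: str) -> str:
    """'avast! Virtualization Driver/AVAST Software' -> 'AVAST Software'."""
    return attribution.rsplit("/", 1)[-1].strip()


def triage_gmer(report: str) -> Triage:
    t = Triage()
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank line or section header
        m = UNREADABLE_RE.match(line)
        if m:
            path = m.group(1)
            t.unreadable.append(path)
            if NUMERIC_NAME_RE.search(path):
                t.numeric_drivers.append(path)
            continue
        if line.split(" ", 1)[0] not in HOOK_PREFIXES or line.endswith("..."):
            continue  # not a hook line, or GMER's elision marker for a run of hooks
        m = ATTRIB_RE.search(line)
        if m:
            vendor = vendor_of(m.group(1))
            t.attributed[vendor] = t.attributed.get(vendor, 0) + 1
        else:
            t.unattributed.append(line)
    return t


def summarize(t: Triage) -> list[str]:
    """Human-readable findings, most actionable first."""
    out = [f"unreadable driver (escalate): {p}" for p in t.numeric_drivers]
    out += [f"unreadable driver: {p}" for p in t.unreadable if p not in t.numeric_drivers]
    out += [f"unattributed hook: {hook}" for hook in t.unattributed]
    out += [f"{n} hook(s) attributed to {v}; confirm that product is installed"
            for v, n in sorted(t.attributed.items())]
    return out


# Constructed sample; line shapes and values follow the GMER log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CA44202] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E2B9D8C] <-- ROOTKIT !!!

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C7A569 1 Byte [06]
.text ...
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E5A003 5 Bytes JMP 8E2CC80A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Windows\System32\Drivers\1186436690.SYS Access is denied.
.text user32.dll!SetWindowsHookExW 7589210A 5 Bytes [E9, F5, E6, 97, 8A] {JMP 0xffffffff8a97e6fa}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 008F0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!TrackPopupMenu 758B4B3B 5 Bytes JMP 583F89D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

if __name__ == "__main__":
    for finding in summarize(triage_gmer(SAMPLE_LOG)):
        print(finding)
```

An unattributed hook is not a verdict, only a line the analyst has to explain; the avast! hooks here drop out of the escalation list because GMER itself names their owner.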

#4 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 30 July 2011 - 03:19 PM

Updated GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-30 13:21:28
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxdyipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CA44202] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E2B9D8C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CA467F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CA46848] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CA4695E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CA46746] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CA46898] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CA4679A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CA4690C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CA44226] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E2B9E3C] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CA43FF0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CA4424A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CA46D56] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CA44CDA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CA46820] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CA46870] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CA46988] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CA46772] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CA468D8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CA467C8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CA46936] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E2B9ED4] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CA44BA0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CA4426E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CA44292] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CA4404A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CA44186] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CA44162] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CA441AA] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CA442B6] <-- ROOTKIT !!!

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E2CF398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C7A569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C9F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82CA6824 4 Bytes [02, 42, A4, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CA684C 4 Bytes [8C, 9D, 2B, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82CA6900 8 Bytes [F0, 67, A4, 8C, 48, 68, A4, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82CA690C 4 Bytes [5E, 69, A4, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 82CA6928 4 Bytes [46, 67, A4, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E402CC 5 Bytes JMP 8E2CAD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E5A003 5 Bytes JMP 8E2CC80A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82EA45CA 4 Bytes CALL 8CA4534B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EAC6A4 4 Bytes CALL 8CA45361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F122EC 7 Bytes JMP 8E2CF39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Windows\System32\Drivers\1186436690.SYS Access is denied.
.text win32k.sys!EngMultiByteToUnicodeN + 7231 9789987A 5 Bytes JMP 8CA47316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A1B 978B08BD 5 Bytes JMP 8CA47440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + C16D 978D178C 5 Bytes JMP 8CA47E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3330 978E4FBD 5 Bytes JMP 8CA46F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4035 978E5CC2 5 Bytes JMP 8CA47BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 177B 978EB5F3 5 Bytes JMP 8CA47326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79A9 97907B20 5 Bytes JMP 8CA46FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 8690 97908807 5 Bytes JMP 8CA46E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 9280 979093F7 5 Bytes JMP 8CA47180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A5E8 9792420C 5 Bytes JMP 8CA47B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + C99D 979265C1 5 Bytes JMP 8CA46D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 9792FC0D 5 Bytes JMP 8CA47BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5201 979348A0 5 Bytes JMP 8CA48014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 97947AD2 5 Bytes JMP 8CA46E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AEC6 9795C87F 5 Bytes JMP 8CA47BF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 97AD 9796FDA1 5 Bytes JMP 8CA470E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 97977E7F 5 Bytes JMP 8CA47ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 9798B8FD 5 Bytes JMP 8CA470AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 9799B962 5 Bytes JMP 8CA47F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 979C55DF 5 Bytes JMP 8CA47008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C88 979C960A 5 Bytes JMP 8CA4703E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 979CC2C0 5 Bytes JMP 8CA47D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6CFE 979D4FB5 4 Bytes JMP 8CA46EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes [E9, 88, 3D, 98, 8A] {JMP 0xffffffff8a983d8d}
.text user32.dll!UnhookWinEvent 7588D924 5 Bytes [E9, D3, 2A, 98, 8A] {JMP 0xffffffff8a982ad8}
.text user32.dll!SetWindowsHookExW 7589210A 5 Bytes [E9, F5, E6, 97, 8A] {JMP 0xffffffff8a97e6fa}
.text user32.dll!SetWinEventHook 7589507E 5 Bytes [E9, 75, B1, 97, 8A] {JMP 0xffffffff8a97b17a}
.text user32.dll!SetWindowsHookExA 758B6DFA 5 Bytes [E9, 01, 98, 95, 8A] {JMP 0xffffffff8a959806}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Bonjour\mDNSResponder.exe[432] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00090804
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[432] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00090600
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000903FC
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000901F8
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00130A08
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001303FC
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00130804
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001301F8
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[440] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[460] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[460] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[460] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 008F0A08
.text C:\Windows\system32\svchost.exe[460] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 008F03FC
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 008F0804
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 008F01F8
.text C:\Windows\system32\svchost.exe[460] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 008F0600
.text C:\Windows\system32\csrss.exe[528] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\dokanmnt.exe[532] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\dokanmnt.exe[532] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\dokanmnt.exe[532] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[596] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[596] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[596] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[596] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[596] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[596] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[604] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[652] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[652] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[688] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[688] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[688] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[688] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001B0A08
.text C:\Windows\system32\lsass.exe[716] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001B03FC
.text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001B0804
.text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001B01F8
.text C:\Windows\system32\lsass.exe[716] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001B0600
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[724] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[724] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1004] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\Ati2evxx.exe[1004] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\Ati2evxx.exe[1004] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1004] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Windows\system32\Ati2evxx.exe[1004] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Windows\system32\Ati2evxx.exe[1004] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Windows\system32\Ati2evxx.exe[1004] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\Ati2evxx.exe[1004] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 003E0A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003E03FC
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 003E0804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003E01F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 003E0600
.text C:\Windows\system32\Ati2evxx.exe[1084] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\Ati2evxx.exe[1084] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\Ati2evxx.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 008B0A08
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 008B03FC
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 008B0804
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 008B01F8
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 008B0600
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[1116] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00F10A08
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 00F103FC
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00F10804
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 00F101F8
.text C:\Windows\system32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00F10600
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 005F0A08
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 005F03FC
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 005F0804
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 005F01F8
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 005F0600
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 008B0A08
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 008B03FC
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 008B0804
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 008B01F8
.text C:\Windows\system32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 008B0600
.text C:\Program Files\Alwil Software\Avast5\afwServ.exe[1448] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001003FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00100804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001001F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!TrackPopupMenu 758B4B3B 5 Bytes JMP 583F89D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1628] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00100600
.text C:\Windows\System32\spoolsv.exe[1780] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1780] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1780] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1780] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[1780] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[1780] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[1780] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[1780] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1816] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00350A08
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003503FC
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00350804
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003501F8
.text C:\Windows\system32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00350600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00190A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00190804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001901F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1900] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[1900] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1900] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 003E0A08
.text C:\Windows\System32\svchost.exe[1900] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003E03FC
.text C:\Windows\System32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 003E0804
.text C:\Windows\System32\svchost.exe[1900] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003E01F8
.text C:\Windows\System32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 003E0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1920] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\atashost.exe[1996] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Windows\system32\atashost.exe[1996] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Windows\system32\atashost.exe[1996] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\atashost.exe[1996] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00300A08
.text C:\Windows\system32\atashost.exe[1996] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003003FC
.text C:\Windows\system32\atashost.exe[1996] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00300804
.text C:\Windows\system32\atashost.exe[1996] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003001F8
.text C:\Windows\system32\atashost.exe[1996] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00300600
.text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[2024] KERNEL32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 000F0804
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2084] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2108] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2140] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\STacSV.exe[2176] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\STacSV.exe[2176] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\STacSV.exe[2176] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\STacSV.exe[2176] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\STacSV.exe[2176] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\STacSV.exe[2176] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\STacSV.exe[2176] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\STacSV.exe[2176] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2224] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2224] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2272] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2272] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00260A08
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 002603FC
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00260804
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 002601F8
.text C:\Windows\System32\svchost.exe[2272] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00260600
.text C:\Windows\System32\WLTRYSVC.EXE[2304] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Windows\System32\WLTRYSVC.EXE[2304] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Windows\System32\WLTRYSVC.EXE[2304] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\WLTRYSVC.EXE[2304] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00180A08
.text C:\Windows\System32\WLTRYSVC.EXE[2304] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001803FC
.text C:\Windows\System32\WLTRYSVC.EXE[2304] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00180804
.text C:\Windows\System32\WLTRYSVC.EXE[2304] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001801F8
.text C:\Windows\System32\WLTRYSVC.EXE[2304] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00180600
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2312] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2360] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001F0600
.text C:\Windows\System32\bcmwltry.exe[2368] KERNEL32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[2656] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[2656] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[2656] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[2656] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\wuauclt.exe[2656] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\wuauclt.exe[2656] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00140804
.text C:\Windows\system32\wuauclt.exe[2656] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\wuauclt.exe[2656] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00140600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2716] KERNEL32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[2892] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2976] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\SearchIndexer.exe[3004] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3004] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3004] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[3004] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\taskhost.exe[3064] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskhost.exe[3064] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000901F8
.text C:\Windows\system32\taskhost.exe[3064] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3064] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00120A08
.text C:\Windows\system32\taskhost.exe[3064] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001203FC
.text C:\Windows\system32\taskhost.exe[3064] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00120804
.text C:\Windows\system32\taskhost.exe[3064] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001201F8
.text C:\Windows\system32\taskhost.exe[3064] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00120600
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[3164] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[3164] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[3164] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\Explorer.EXE[3164] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 000A0A08
.text C:\Windows\Explorer.EXE[3164] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 000A03FC
.text C:\Windows\Explorer.EXE[3164] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 000A0804
.text C:\Windows\Explorer.EXE[3164] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 000A01F8
.text C:\Windows\Explorer.EXE[3164] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 000A0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 002F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 002F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 002F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3312] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 002F0600
.text C:\Windows\System32\WLTRAY.EXE[3320] KERNEL32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\sttray.exe[3332] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Windows\sttray.exe[3332] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Windows\sttray.exe[3332] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\sttray.exe[3332] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Windows\sttray.exe[3332] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Windows\sttray.exe[3332] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Windows\sttray.exe[3332] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Windows\sttray.exe[3332] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3360] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3384] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00310600
.text C:\Program Files\Pogoplug\PPDrive.exe[3396] KERNEL32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001E0804
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3424] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[4036] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[4036] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[4036] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4036] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00310A08
.text C:\Windows\system32\svchost.exe[4036] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003103FC
.text C:\Windows\system32\svchost.exe[4036] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00310804
.text C:\Windows\system32\svchost.exe[4036] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003101F8
.text C:\Windows\system32\svchost.exe[4036] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00310600
.text C:\Windows\system32\svchost.exe[4100] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[4100] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[4100] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4236] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00140804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4316] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00140600
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001F0804
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Pogoplug\PPFS.EXE[4344] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001F0600
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 001603FC
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 001601F8
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 00210A08
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 002103FC
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 00210804
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 002101F8
.text C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe[4464] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 00210600
.text C:\Program Files\uTorrent\uTorrent.exe[4736] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 003403FC
.text C:\Program Files\uTorrent\uTorrent.exe[4736] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 003401F8
.text C:\Program Files\uTorrent\uTorrent.exe[4736] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Program Files\uTorrent\uTorrent.exe[4736] USER32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 003E0A08
.text C:\Program Files\uTorrent\uTorrent.exe[4736] USER32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 003E03FC
.text C:\Program Files\uTorrent\uTorrent.exe[4736] USER32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 003E0804
.text C:\Program Files\uTorrent\uTorrent.exe[4736] USER32.dll!SetWinEventHook 7589507E 5 Bytes JMP 003E01F8
.text C:\Program Files\uTorrent\uTorrent.exe[4736] USER32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 003E0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[4868] kernel32.dll!SetUnhandledExceptionFilter 76D430E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[4868] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5224] ntdll.dll!LdrUnloadDll 7712BEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[5224] ntdll.dll!LdrLoadDll 7712F5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[5224] kernel32.dll!GetBinaryTypeW + 70 76D578FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5224] user32.dll!UnhookWindowsHookEx 7588CC7B 5 Bytes JMP 001C0A08
.text C:\Windows\System32\svchost.exe[5224] user32.dll!UnhookWinEvent 7588D924 5 Bytes JMP 001C03FC
.text C:\Windows\System32\svchost.exe[5224] user32.dll!SetWindowsHookExW 7589210A 5 Bytes JMP 001C0804
.text C:\Windows\System32\svchost.exe[5224] user32.dll!SetWinEventHook 7589507E 5 Bytes JMP 001C01F8
.text C:\Windows\System32\svchost.exe[5224] user32.dll!SetWindowsHookExA 758B6DFA 5 Bytes JMP 001C0600

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1186436690 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\1186436690@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@Start 3
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\1186436690@DisplayName Virtual Bus for Microsoft ACPI-Compliant System

---- Files - GMER 1.0.15 ----

File C:\Users\Administrator\Desktop\lohg5.log 89801 bytes

---- EOF - GMER 1.0.15 ----


Updated DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 13:24:29 on 2011-07-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.703 [GMT -6:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Pogoplug\dokanmnt.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pogoplug\PPDrive.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE
C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Pogoplug\PPFS.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Users\Administrator\AppData\Local\temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Pogoplug] "c:\program files\pogoplug\PPDRIVE.EXE"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9} : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\261636B6071636B6 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\265616E63716E6462627567737 : DhcpNameServer = 205.139.50.143 63.209.206.118
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\348696C646 : DhcpNameServer = 216.250.32.34 216.250.32.36
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\765737475627 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C4F66666978696A7A7F6573756 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737F5355435F51353437353 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0ly1t18e.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-10-10 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-10-10 194264]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-10-10 103384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-10-10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-10 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-10 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-10 54104]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-4-10 133944]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-4 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-7-4 121000]
R2 DokanCEDriver;DokanCEDriver;c:\program files\pogoplug\dokance.sys [2011-5-27 54592]
R2 DokanCEMounter;DokanCEMounter;c:\program files\pogoplug\dokanmnt.exe [2011-5-27 124736]
R2 HBAdmin;HBAdmin;c:\program files\pogoplug\hbplug\hbadmin.exe [2011-5-27 701248]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-5-14 14416]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 xcetap0;XCETAP0 Adapter;c:\windows\system32\drivers\xcetap0.sys [2011-5-27 34624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [2008-5-14 44344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-6 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-6 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-6 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-3-30 200704]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-30 1343400]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-07-29 17:29:18 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{155e10eb-4b51-4a91-9aff-ec5b00ed30a6}\mpengine.dll
2011-07-17 19:30:07 -------- d-----w- C:\$WINDOWS.~BT
2011-07-13 13:33:53 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 13:33:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 13:31:11 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 23:45:40 -------- d-----w- c:\users\administrator\appdata\local\CutePDF Writer
2011-07-12 23:45:08 -------- d-----w- c:\program files\GPLGS
2011-07-12 23:41:49 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-07-12 23:41:47 -------- d-----w- c:\program files\Acro Software
2011-07-11 04:10:56 -------- d-----w- c:\users\administrator\appdata\roaming\WinPatrol
2011-07-11 03:55:44 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-07-11 03:55:15 -------- d-----w- c:\programdata\Malwarebytes
2011-07-09 15:35:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-09 15:31:56 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com
2011-07-09 15:31:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-01 22:09:03 25984 ----a-w- c:\windows\system32\drivers\1186436690.sys
.
==================== Find3M ====================
.
2011-07-29 20:26:54 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-07 15:07:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:37:33 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36:18 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-28 16:19:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-27 21:11:28 442688 ----a-w- c:\windows\system32\xceprnt.dll
2011-05-27 07:03:22 34624 ----a-w- c:\windows\system32\drivers\xcetap0.sys
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-04 04:53:10 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2008-03-30 03:51:23 6958968 ----a-w- c:\program files\SFTPMSI.exe
.
============= FINISH: 13:30:10.14 ===============

I do not have access to my windows disk.

I tried running oldtimer but it gets stopped a few seconds into the scan. I ran TDSSKiller and it says this:

Suspicious objects
service name: 1186436690
Service type: kernel driver (0x1)
Service start: Demand (0x3)
File: C:\Windows\system32\drivers\1186436690.sys
MD5: 78bdf35b00fb490074acea8a885cbb8d


Thanks for your help!


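Reading a DDS log is mostly pattern-matching, so here is an added example (not a tool from this thread or from BleepingComputer) that applies a few of the checks a helper makes to the lines posted above: UAC policy values that silence elevation prompts, a driver in system32\drivers with an all-digit name, and registry entries whose file is gone. The sample lines are copied from the DDS log above; the rule names and the triage logic are the example's own.

```python
"""Triage heuristics for DDS-style log lines.

Added example for this thread; it is not a BleepingComputer tool. The sample
lines below are copied from the DDS log posted above, the rule names are the
example's own, and the UAC interpretation follows the documented meaning of
the HKLM\\...\\Policies\\System values (EnableLUA=0 turns UAC off, a
ConsentPromptBehaviorAdmin of 0 means "elevate without prompting", and
PromptOnSecureDesktop=0 moves prompts off the secure desktop).
"""
import ntpath
import re

# Sample input (copied from the DDS log in the thread; the driver with the
# all-digit name is the one TDSSKiller later reported as suspicious).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-10 309848]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-7-4 42184]
2011-07-17 19:30:07 -------- d-----w- C:\$WINDOWS.~BT
2011-07-01 22:09:03 25984 ----a-w- c:\windows\system32\drivers\1186436690.sys
"""

# The DDS line shapes the heuristics look at.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+(?P<size>\d+|-+)"
    r"\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+)$"
)
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<name>\w+)\s*=\s*(?P<value>\d+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|IE):\s+.*\s-\sNo File$")

# UAC values whose meaning is "prompt nobody": name -> (bad value, rule id, explanation).
UAC_RULES = {
    "EnableLUA": (0, "uac-disabled", "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (0, "uac-silent-elevation",
                                   "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "uac-no-secure-desktop",
                              "elevation prompts are not shown on the secure desktop"),
}


def is_numeric_driver(path):
    """True for files like ...\\drivers\\1186436690.sys: a purely numeric
    driver name in the drivers directory is worth a second look, and the
    TDSSKiller hit in this thread was exactly such a file."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return ext.lower() == ".sys" and stem.isdigit() and "\\drivers\\" in path.lower()


def triage(log_text):
    """Return a list of {'rule', 'detail'} findings for the DDS lines given."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:
            rule = UAC_RULES.get(m["name"])
            if rule and int(m["value"]) == rule[0]:
                findings.append({"rule": rule[1],
                                 "detail": f"{m['name']} = {m['value']}: {rule[2]}"})
            continue
        m = SERVICE_RE.match(line) or CREATED_RE.match(line)
        if m:
            if is_numeric_driver(m["path"]):
                findings.append({"rule": "numeric-driver-name", "detail": m["path"]})
            continue
        if ORPHAN_RE.match(line):
            # Registry entry whose file is gone: a harmless leftover or a
            # removed component; either way it should be cleaned up.
            findings.append({"rule": "orphan-entry", "detail": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}")
```

On the sample above the script reports three UAC findings, the numeric driver and two orphaned browser entries; ConsentPromptBehaviorUser = 3 is the default and is left alone.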
#5 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 31 July 2011 - 05:04 AM

Hi,

Please make sure not to follow two different instructions on two different forums at the same time.


P2P Warning:

µTorrent

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes.

These programmes allow users to share files between themselves, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


=====================================


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.


Posted Image

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:
  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#6 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 31 July 2011 - 07:45 PM

Thanks again for your help. I'd been using uTorrent on a school website but I will delete it - I had no idea it was so bad!

ComboFix 11-07-31.04 - Administrator 07/31/2011 18:10:16.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.790 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll
c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\windows\system32\drivers\1186436690.sys
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1186436690
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 00:28 . 2011-08-01 00:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-08-01 00:28 . 2011-08-01 00:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-01 00:28 . 2011-08-01 00:28 -------- d-----w- c:\users\Kristine\AppData\Local\temp
2011-08-01 00:28 . 2011-08-01 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-01 00:05 . 2011-08-01 00:05 -------- d-----w- C:\32788R22FWJFW
2011-07-29 20:26 . 2011-07-29 20:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Corel
2011-07-29 20:26 . 2011-07-29 20:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Ulead Systems
2011-07-29 17:29 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{155E10EB-4B51-4A91-9AFF-EC5B00ED30A6}\mpengine.dll
2011-07-17 19:30 . 2011-07-17 19:30 -------- d-----w- C:\$WINDOWS.~BT
2011-07-13 13:33 . 2011-06-02 05:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 13:33 . 2011-06-02 05:55 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-13 13:31 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 23:45 . 2011-07-18 19:12 -------- d-----w- c:\users\Administrator\AppData\Local\CutePDF Writer
2011-07-12 23:45 . 2011-07-12 23:45 -------- d-----w- c:\program files\GPLGS
2011-07-12 23:41 . 2009-11-05 14:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-07-12 23:41 . 2011-07-12 23:41 -------- d-----w- c:\program files\Acro Software
2011-07-11 04:10 . 2011-07-11 04:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\WinPatrol
2011-07-11 03:55 . 2011-07-11 03:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-07-11 03:55 . 2011-07-11 03:55 -------- d-----w- c:\programdata\Malwarebytes
2011-07-09 15:35 . 2011-07-29 20:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-09 15:31 . 2011-07-09 15:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-07-09 15:31 . 2011-07-09 15:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-08 01:05 . 2011-07-08 01:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
2011-07-07 15:08 . 2011-07-07 15:08 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-29 20:26 . 2010-06-23 03:06 3766 --sha-w- c:\programdata\KGyGaAvL.sys
2011-07-07 15:07 . 2010-06-29 04:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 11:43 . 2010-10-11 05:08 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-10-11 05:08 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:37 . 2010-10-11 05:10 103384 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-07-04 11:36 . 2010-10-11 05:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-10-11 05:10 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:36 . 2010-10-11 05:09 194264 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-07-04 11:35 . 2010-10-11 05:09 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-10-11 05:09 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-10-11 05:09 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-10-11 05:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-28 16:19 . 2011-06-28 16:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 03:00 . 2011-06-15 15:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-27 21:11 . 2011-05-27 21:11 442688 ----a-w- c:\windows\system32\xceprnt.dll
2011-05-27 07:03 . 2011-05-27 07:03 34624 ----a-w- c:\windows\system32\drivers\xcetap0.sys
2011-05-25 01:14 . 2009-10-04 02:07 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35 . 2011-06-29 15:43 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-04 04:53 . 2011-06-29 15:43 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 04:52 . 2011-06-29 15:43 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 04:52 . 2011-06-29 15:43 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 04:52 . 2011-06-29 15:43 337408 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 04:52 . 2011-06-29 15:43 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 04:52 . 2011-06-29 15:43 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 04:52 . 2011-06-29 15:43 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 04:52 . 2011-06-29 15:43 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 04:52 . 2011-06-29 15:43 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 02:43 . 2011-06-15 15:52 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-15 15:52 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-15 15:52 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-15 15:54 740864 ----a-w- c:\windows\system32\inetcomm.dll
2008-03-30 03:51 . 2008-03-30 03:51 6958968 ----a-w- c:\program files\SFTPMSI.exe
2010-06-25 02:55 . 2010-06-25 02:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pogoplug"="c:\program files\Pogoplug\PPDRIVE.EXE" [2011-05-27 267072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-8-6 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logo Calibration Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
backup=c:\windows\pss\Logo Calibration Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ProfileReminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
backup=c:\windows\pss\ProfileReminder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 20:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2009-10-24 09:18 597792 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-25 30192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-11-11 200704]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-30 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-09-07 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-04-10 133944]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-07-04 121000]
S2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [2011-05-27 54592]
S2 DokanCEMounter;DokanCEMounter;c:\program files\Pogoplug\dokanmnt.exe [2011-05-27 124736]
S2 HBAdmin;HBAdmin;c:\program files\Pogoplug\HBPLUG\HBADMIN.exe [2011-05-27 701248]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S3 xcetap0;XCETAP0 Adapter;c:\windows\system32\DRIVERS\xcetap0.sys [2011-05-27 34624]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfehidk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070806
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\765737475627: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C4F66666978696A7A7F6573756: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{CD07FF9E-94B9-405F-9E04-FEACCE5AECE9}\C696E6B6379737: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0ly1t18e.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1186436690]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,47,e4,42,09,c1,e1,4c,9c,06,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,47,e4,42,09,c1,e1,4c,9c,06,fc,\
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PBrush"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oft\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.oft.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.pst.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs.14"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-906046326-3860916293-1416323523-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1186436690]
@DACL=(02 0000)
"Start"=dword:00000003
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"DisplayName"="Virtual Bus for Microsoft ACPI-Compliant System"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2884)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\sttray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-31 18:41:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 00:41
.
Pre-Run: 8,850,374,656 bytes free
Post-Run: 14,059,790,336 bytes free
.
- - End Of File - - 7C987821C6DFB2234A08EADA81758949

#7 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 01 August 2011 - 04:46 AM

Hi,

Looking good. Please tell me how the computer is running after doing the following fix:


:step1: We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

RegLockDel::
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1186436690]



4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript.txt onto ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



:step2: Please run GMER again the way you ran it before and post the new log for my review.


:step3: Please run TDSSKiller again the way you ran it before and post the new log for my review.
~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I haven't replied within 48 hours, please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#8 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 02 August 2011 - 10:38 AM

TDSS Log:

2011/08/02 09:31:21.0644 1932 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 09:31:23.0672 1932 ================================================================================
2011/08/02 09:31:23.0672 1932 SystemInfo:
2011/08/02 09:31:23.0672 1932
2011/08/02 09:31:23.0672 1932 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/02 09:31:23.0672 1932 Product type: Workstation
2011/08/02 09:31:23.0672 1932 ComputerName: KRISTINES
2011/08/02 09:31:23.0672 1932 UserName: Administrator
2011/08/02 09:31:23.0672 1932 Windows directory: C:\Windows
2011/08/02 09:31:23.0672 1932 System windows directory: C:\Windows
2011/08/02 09:31:23.0672 1932 Processor architecture: Intel x86
2011/08/02 09:31:23.0672 1932 Number of processors: 2
2011/08/02 09:31:23.0672 1932 Page size: 0x1000
2011/08/02 09:31:23.0672 1932 Boot type: Normal boot
2011/08/02 09:31:23.0672 1932 ================================================================================
2011/08/02 09:31:25.0653 1932 Initialize success
2011/08/02 09:31:32.0439 6112 ================================================================================
2011/08/02 09:31:32.0439 6112 Scan started
2011/08/02 09:31:32.0439 6112 Mode: Manual;
2011/08/02 09:31:32.0439 6112 ================================================================================
2011/08/02 09:31:35.0169 6112 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/02 09:31:35.0387 6112 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/02 09:31:35.0543 6112 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/02 09:31:35.0762 6112 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/02 09:31:35.0933 6112 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/02 09:31:36.0042 6112 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/02 09:31:36.0292 6112 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/08/02 09:31:36.0448 6112 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/08/02 09:31:36.0573 6112 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/02 09:31:36.0729 6112 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/02 09:31:36.0963 6112 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/02 09:31:37.0072 6112 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/02 09:31:37.0166 6112 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/02 09:31:37.0353 6112 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/02 09:31:37.0431 6112 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/02 09:31:37.0556 6112 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/08/02 09:31:37.0665 6112 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/02 09:31:37.0790 6112 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/08/02 09:31:38.0008 6112 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/02 09:31:38.0507 6112 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/02 09:31:38.0648 6112 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/02 09:31:38.0882 6112 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/02 09:31:39.0053 6112 aswFW (e87019bdb5a06a096d7cec7aacd0ee40) C:\Windows\system32\drivers\aswFW.sys
2011/08/02 09:31:39.0194 6112 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/02 09:31:39.0350 6112 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
2011/08/02 09:31:39.0459 6112 aswNdis2 (07ff8c2ba038764cdeb4ffd1331ad29c) C:\Windows\system32\drivers\aswNdis2.sys
2011/08/02 09:31:39.0646 6112 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/08/02 09:31:39.0911 6112 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/08/02 09:31:40.0083 6112 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/08/02 09:31:40.0582 6112 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/08/02 09:31:40.0754 6112 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/02 09:31:40.0847 6112 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/02 09:31:41.0222 6112 atikmdag (1a105f6d20189320d80e1c36635fe1dd) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/02 09:31:41.0518 6112 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/02 09:31:41.0970 6112 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/02 09:31:42.0220 6112 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/02 09:31:42.0688 6112 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/02 09:31:43.0062 6112 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/08/02 09:31:43.0250 6112 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/02 09:31:43.0406 6112 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/02 09:31:43.0624 6112 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/02 09:31:43.0702 6112 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/02 09:31:43.0796 6112 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/02 09:31:44.0061 6112 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/02 09:31:44.0201 6112 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/02 09:31:44.0264 6112 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/02 09:31:44.0342 6112 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/02 09:31:44.0466 6112 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/02 09:31:45.0215 6112 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/02 09:31:45.0371 6112 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/02 09:31:45.0652 6112 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/02 09:31:46.0026 6112 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/02 09:31:46.0448 6112 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/02 09:31:46.0526 6112 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/02 09:31:46.0697 6112 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/02 09:31:46.0806 6112 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/02 09:31:46.0994 6112 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/02 09:31:47.0150 6112 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/02 09:31:47.0696 6112 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/08/02 09:31:47.0820 6112 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/02 09:31:47.0961 6112 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/02 09:31:48.0101 6112 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2011/08/02 09:31:48.0195 6112 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2011/08/02 09:31:48.0382 6112 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/08/02 09:31:48.0554 6112 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2011/08/02 09:31:48.0678 6112 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2011/08/02 09:31:48.0788 6112 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2011/08/02 09:31:48.0959 6112 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2011/08/02 09:31:49.0100 6112 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/08/02 09:31:49.0302 6112 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2011/08/02 09:31:49.0380 6112 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2011/08/02 09:31:49.0614 6112 DokanCEDriver (c3ed108f45666fe80ee4dec203668494) C:\Program Files\Pogoplug\dokance.sys
2011/08/02 09:31:49.0958 6112 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/02 09:31:50.0114 6112 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/08/02 09:31:50.0238 6112 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/08/02 09:31:50.0472 6112 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/02 09:31:50.0784 6112 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/08/02 09:31:51.0034 6112 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/02 09:31:51.0830 6112 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/02 09:31:52.0329 6112 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/02 09:31:52.0750 6112 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/02 09:31:53.0015 6112 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/02 09:31:53.0140 6112 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\Windows\system32\DRIVERS\eyeonedp.sys
2011/08/02 09:31:53.0280 6112 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/02 09:31:53.0405 6112 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/02 09:31:53.0546 6112 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/02 09:31:53.0686 6112 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/02 09:31:53.0827 6112 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/02 09:31:53.0951 6112 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/02 09:31:54.0045 6112 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/02 09:31:54.0139 6112 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/02 09:31:54.0232 6112 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
2011/08/02 09:31:54.0341 6112 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
2011/08/02 09:31:54.0482 6112 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/02 09:31:54.0591 6112 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/02 09:31:54.0653 6112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/08/02 09:31:54.0763 6112 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/02 09:31:54.0809 6112 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/02 09:31:54.0856 6112 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/02 09:31:54.0887 6112 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/02 09:31:54.0934 6112 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/02 09:31:55.0012 6112 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/02 09:31:55.0075 6112 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/02 09:31:55.0153 6112 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/02 09:31:55.0199 6112 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/02 09:31:55.0246 6112 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/08/02 09:31:55.0324 6112 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/02 09:31:55.0418 6112 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/02 09:31:55.0527 6112 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/08/02 09:31:55.0605 6112 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/02 09:31:55.0699 6112 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/02 09:31:55.0777 6112 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/02 09:31:55.0855 6112 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/02 09:31:55.0933 6112 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/02 09:31:55.0979 6112 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/02 09:31:56.0073 6112 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/02 09:31:56.0135 6112 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/02 09:31:56.0229 6112 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/02 09:31:56.0338 6112 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/02 09:31:56.0385 6112 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/02 09:31:56.0432 6112 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/02 09:31:56.0510 6112 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/02 09:31:56.0666 6112 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/02 09:31:56.0791 6112 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/02 09:31:56.0837 6112 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/02 09:31:56.0884 6112 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/02 09:31:56.0947 6112 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/02 09:31:57.0025 6112 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/02 09:31:57.0103 6112 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/02 09:31:57.0149 6112 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/02 09:31:57.0181 6112 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/02 09:31:57.0227 6112 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/08/02 09:31:57.0274 6112 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/08/02 09:31:57.0321 6112 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/02 09:31:57.0368 6112 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/02 09:31:57.0399 6112 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/02 09:31:57.0446 6112 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/02 09:31:57.0508 6112 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/08/02 09:31:57.0571 6112 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/02 09:31:57.0633 6112 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/02 09:31:57.0727 6112 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/08/02 09:31:57.0820 6112 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/02 09:31:57.0867 6112 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/02 09:31:57.0929 6112 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/02 09:31:57.0992 6112 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/02 09:31:58.0054 6112 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/02 09:31:58.0179 6112 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/02 09:31:58.0241 6112 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/02 09:31:58.0273 6112 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/02 09:31:58.0351 6112 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/02 09:31:58.0382 6112 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/02 09:31:58.0429 6112 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/02 09:31:58.0460 6112 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/02 09:31:58.0507 6112 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/02 09:31:58.0522 6112 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/02 09:31:58.0553 6112 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/02 09:31:58.0600 6112 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/02 09:31:58.0663 6112 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/02 09:31:58.0725 6112 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/08/02 09:31:58.0756 6112 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/02 09:31:58.0803 6112 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/02 09:31:58.0834 6112 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/02 09:31:58.0881 6112 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/08/02 09:31:58.0912 6112 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/02 09:31:58.0959 6112 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/02 09:31:59.0084 6112 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/02 09:31:59.0131 6112 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/02 09:31:59.0162 6112 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/02 09:31:59.0240 6112 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/08/02 09:31:59.0287 6112 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/02 09:31:59.0333 6112 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/08/02 09:31:59.0380 6112 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/08/02 09:31:59.0427 6112 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/02 09:31:59.0443 6112 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/02 09:31:59.0536 6112 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/02 09:31:59.0567 6112 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/08/02 09:31:59.0599 6112 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/02 09:31:59.0645 6112 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/08/02 09:31:59.0661 6112 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/02 09:31:59.0708 6112 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/02 09:31:59.0739 6112 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/02 09:31:59.0801 6112 PDIHWCTL (274fb48dc92e0ec012d4d8d866cfaf8a) C:\Windows\system32\drivers\pdihwctl.sys
2011/08/02 09:31:59.0848 6112 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/02 09:32:00.0020 6112 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/02 09:32:00.0051 6112 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/02 09:32:00.0160 6112 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/02 09:32:00.0285 6112 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/02 09:32:00.0425 6112 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/02 09:32:00.0503 6112 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/02 09:32:00.0581 6112 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/02 09:32:00.0628 6112 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/02 09:32:00.0706 6112 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/02 09:32:00.0815 6112 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/02 09:32:00.0925 6112 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/02 09:32:00.0987 6112 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/02 09:32:01.0034 6112 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/02 09:32:01.0081 6112 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/02 09:32:01.0112 6112 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/02 09:32:01.0174 6112 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/02 09:32:01.0205 6112 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/02 09:32:01.0252 6112 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/08/02 09:32:01.0315 6112 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/08/02 09:32:01.0408 6112 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/08/02 09:32:01.0471 6112 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/08/02 09:32:01.0595 6112 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/08/02 09:32:01.0720 6112 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/02 09:32:01.0876 6112 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/02 09:32:01.0954 6112 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/02 09:32:02.0017 6112 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/02 09:32:02.0126 6112 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/02 09:32:02.0204 6112 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/02 09:32:02.0329 6112 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/02 09:32:02.0407 6112 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/02 09:32:02.0531 6112 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/02 09:32:02.0609 6112 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/02 09:32:02.0672 6112 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/02 09:32:02.0797 6112 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/02 09:32:02.0843 6112 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/02 09:32:02.0890 6112 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/02 09:32:02.0906 6112 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/02 09:32:02.0968 6112 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/08/02 09:32:03.0031 6112 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/02 09:32:03.0062 6112 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/02 09:32:03.0109 6112 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/02 09:32:03.0171 6112 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/02 09:32:03.0280 6112 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/08/02 09:32:03.0311 6112 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/02 09:32:03.0343 6112 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/02 09:32:03.0421 6112 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/02 09:32:03.0483 6112 STHDA (3cfea727795243364bb6a7f9a091faa3) C:\Windows\system32\drivers\stwrt.sys
2011/08/02 09:32:03.0545 6112 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/02 09:32:03.0608 6112 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/02 09:32:03.0717 6112 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/08/02 09:32:03.0779 6112 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/02 09:32:03.0857 6112 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/02 09:32:03.0935 6112 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/08/02 09:32:03.0998 6112 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/02 09:32:04.0076 6112 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/02 09:32:04.0138 6112 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/02 09:32:04.0310 6112 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/02 09:32:04.0388 6112 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/02 09:32:04.0450 6112 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/02 09:32:04.0513 6112 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/02 09:32:04.0637 6112 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/02 09:32:04.0684 6112 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/02 09:32:04.0762 6112 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/02 09:32:04.0871 6112 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/02 09:32:04.0949 6112 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/02 09:32:05.0027 6112 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/02 09:32:05.0105 6112 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/02 09:32:05.0168 6112 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/02 09:32:05.0230 6112 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/02 09:32:05.0293 6112 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/02 09:32:05.0355 6112 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/02 09:32:05.0417 6112 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/02 09:32:05.0464 6112 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/08/02 09:32:05.0542 6112 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/02 09:32:05.0589 6112 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/02 09:32:05.0620 6112 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/02 09:32:05.0651 6112 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/02 09:32:05.0698 6112 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/08/02 09:32:05.0729 6112 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/02 09:32:05.0745 6112 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/02 09:32:05.0792 6112 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/02 09:32:05.0823 6112 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/02 09:32:05.0870 6112 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/02 09:32:05.0901 6112 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/02 09:32:05.0948 6112 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/02 09:32:05.0995 6112 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/02 09:32:06.0041 6112 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/02 09:32:06.0119 6112 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/02 09:32:06.0135 6112 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/02 09:32:06.0244 6112 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/02 09:32:06.0291 6112 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/02 09:32:06.0400 6112 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/02 09:32:06.0431 6112 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/02 09:32:06.0494 6112 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/02 09:32:06.0619 6112 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/02 09:32:06.0665 6112 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/02 09:32:06.0759 6112 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/02 09:32:06.0837 6112 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/08/02 09:32:06.0884 6112 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/02 09:32:06.0946 6112 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/02 09:32:07.0024 6112 xcetap0 (f1b0d70c41a7e604e5a4ef62dd2c65f6) C:\Windows\system32\DRIVERS\xcetap0.sys
2011/08/02 09:32:07.0118 6112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/02 09:32:07.0180 6112 Boot (0x1200) (0f01a849e6909b48e4dd049e16db3fcc) \Device\Harddisk0\DR0\Partition0
2011/08/02 09:32:07.0211 6112 Boot (0x1200) (8e841168619b484400438fc8c27e6c02) \Device\Harddisk0\DR0\Partition1
2011/08/02 09:32:07.0289 6112 Boot (0x1200) (6d4a10168d38217029b9d1ee779da6a3) \Device\Harddisk0\DR0\Partition2
2011/08/02 09:32:07.0305 6112 ================================================================================
2011/08/02 09:32:07.0305 6112 Scan finished
2011/08/02 09:32:07.0305 6112 ================================================================================
2011/08/02 09:32:07.0352 2780 Detected object count: 0
2011/08/02 09:32:07.0352 2780 Actual detected object count: 0
2011/08/02 09:33:32.0559 2344 ================================================================================
2011/08/02 09:33:32.0559 2344 Scan started
2011/08/02 09:33:32.0559 2344 Mode: Manual;
2011/08/02 09:33:32.0559 2344 ================================================================================
2011/08/02 09:33:33.0214 2344 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/02 09:33:33.0277 2344 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/02 09:33:33.0323 2344 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/02 09:33:33.0401 2344 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/02 09:33:33.0479 2344 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/02 09:33:33.0542 2344 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/02 09:33:33.0651 2344 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/08/02 09:33:33.0713 2344 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/08/02 09:33:33.0745 2344 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/02 09:33:33.0776 2344 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/02 09:33:33.0823 2344 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/02 09:33:33.0854 2344 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/08/02 09:33:33.0885 2344 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/02 09:33:33.0932 2344 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/02 09:33:33.0979 2344 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/02 09:33:34.0041 2344 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/08/02 09:33:34.0088 2344 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/02 09:33:34.0135 2344 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/08/02 09:33:34.0197 2344 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/08/02 09:33:34.0259 2344 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/02 09:33:34.0291 2344 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/02 09:33:34.0353 2344 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/02 09:33:34.0400 2344 aswFW (e87019bdb5a06a096d7cec7aacd0ee40) C:\Windows\system32\drivers\aswFW.sys
2011/08/02 09:33:34.0447 2344 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/02 09:33:34.0462 2344 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\Windows\system32\DRIVERS\aswNdis.sys
2011/08/02 09:33:34.0509 2344 aswNdis2 (07ff8c2ba038764cdeb4ffd1331ad29c) C:\Windows\system32\drivers\aswNdis2.sys
2011/08/02 09:33:34.0540 2344 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/08/02 09:33:34.0571 2344 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/08/02 09:33:34.0618 2344 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/08/02 09:33:34.0665 2344 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/08/02 09:33:34.0712 2344 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/02 09:33:34.0759 2344 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/02 09:33:34.0883 2344 atikmdag (1a105f6d20189320d80e1c36635fe1dd) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/02 09:33:34.0993 2344 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/02 09:33:35.0195 2344 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/02 09:33:35.0258 2344 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/02 09:33:35.0383 2344 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/02 09:33:35.0445 2344 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/08/02 09:33:35.0523 2344 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/02 09:33:35.0601 2344 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/02 09:33:35.0695 2344 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/02 09:33:35.0726 2344 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/02 09:33:35.0757 2344 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/02 09:33:35.0819 2344 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/02 09:33:35.0851 2344 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/02 09:33:35.0882 2344 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/02 09:33:35.0913 2344 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/02 09:33:35.0929 2344 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/02 09:33:36.0116 2344 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/02 09:33:36.0147 2344 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/02 09:33:36.0178 2344 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/02 09:33:36.0225 2344 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/02 09:33:36.0303 2344 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/02 09:33:36.0350 2344 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/02 09:33:36.0412 2344 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/02 09:33:36.0475 2344 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/02 09:33:36.0521 2344 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/02 09:33:36.0615 2344 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/02 09:33:36.0833 2344 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/08/02 09:33:36.0927 2344 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/02 09:33:36.0989 2344 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/02 09:33:37.0083 2344 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2011/08/02 09:33:37.0161 2344 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2011/08/02 09:33:37.0223 2344 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/08/02 09:33:37.0286 2344 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS
2011/08/02 09:33:37.0348 2344 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2011/08/02 09:33:37.0411 2344 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2011/08/02 09:33:37.0473 2344 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2011/08/02 09:33:37.0551 2344 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/08/02 09:33:37.0613 2344 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2011/08/02 09:33:37.0676 2344 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2011/08/02 09:33:37.0801 2344 DokanCEDriver (c3ed108f45666fe80ee4dec203668494) C:\Program Files\Pogoplug\dokance.sys
2011/08/02 09:33:37.0910 2344 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/02 09:33:37.0972 2344 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/08/02 09:33:38.0019 2344 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/08/02 09:33:38.0144 2344 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/02 09:33:38.0222 2344 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/08/02 09:33:38.0315 2344 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/02 09:33:38.0503 2344 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/02 09:33:38.0737 2344 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/02 09:33:38.0815 2344 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/02 09:33:38.0924 2344 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/02 09:33:38.0986 2344 eyeonedp (8313a6af9de34a9d24df2329a548b004) C:\Windows\system32\DRIVERS\eyeonedp.sys
2011/08/02 09:33:39.0049 2344 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/02 09:33:39.0111 2344 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/02 09:33:39.0205 2344 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/02 09:33:39.0283 2344 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/02 09:33:39.0361 2344 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/02 09:33:39.0407 2344 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/02 09:33:39.0501 2344 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/02 09:33:39.0563 2344 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/02 09:33:39.0641 2344 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
2011/08/02 09:33:39.0673 2344 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
2011/08/02 09:33:39.0735 2344 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/02 09:33:39.0751 2344 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/02 09:33:39.0797 2344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/08/02 09:33:39.0875 2344 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/02 09:33:39.0891 2344 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/02 09:33:51.0872 2344 ================================================================================
2011/08/02 09:33:51.0872 2344 Scan finished
2011/08/02 09:33:51.0872 2344 ================================================================================
2011/08/02 09:33:51.0903 4360 Detected object count: 0
2011/08/02 09:33:51.0903 4360 Actual detected object count: 0


Gmer Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-02 09:29:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxdyipoc.sys


.text C:\Windows\system32\SearchIndexer.exe[1040] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[1040] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[1040] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00100600
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00320A08
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 003203FC
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00320804
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 003201F8
.text C:\Windows\System32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00320600
.text C:\Windows\system32\Ati2evxx.exe[1084] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\Ati2evxx.exe[1084] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\Ati2evxx.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001E0A08
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001E03FC
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001E0804
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\Ati2evxx.exe[1084] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00450A08
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 004503FC
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00450804
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 004501F8
.text C:\Windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00450600
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 009C0A08
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 009C03FC
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 009C0804
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 009C01F8
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 009C0600
.text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1176] KERNEL32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00900A08
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 009003FC
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00900804
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 009001F8
.text C:\Windows\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00900600
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00620A08
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 006203FC
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00620804
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 006201F8
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00620600
.text C:\Windows\system32\taskhost.exe[1352] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1352] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1352] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[1352] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[1352] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[1352] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[1352] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 000E0600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1404] kernel32.dll!SetUnhandledExceptionFilter 76CC30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1404] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\afwServ.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1952] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1988] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1988] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1988] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00280A08
.text C:\Windows\system32\svchost.exe[1988] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 002803FC
.text C:\Windows\system32\svchost.exe[1988] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00280804
.text C:\Windows\system32\svchost.exe[1988] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 002801F8
.text C:\Windows\system32\svchost.exe[1988] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00280600
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE[2028] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\Dwm.exe[2080] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2080] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2080] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2080] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2080] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2080] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2080] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2080] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00200804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2412] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00200600
.text C:\Program Files\Pogoplug\dokanmnt.exe[2444] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\dokanmnt.exe[2444] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\dokanmnt.exe[2444] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000903FC
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000901F8
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00130A08
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001303FC
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00130804
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001301F8
.text C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE[2500] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[2520] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2520] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2520] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2520] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00570A08
.text C:\Windows\system32\svchost.exe[2520] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 005703FC
.text C:\Windows\system32\svchost.exe[2520] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00570804
.text C:\Windows\system32\svchost.exe[2520] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 005701F8
.text C:\Windows\system32\svchost.exe[2520] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00570600
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe[2648] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001E0600
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00080A08
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 000803FC
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00080804
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 000801F8
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[2852] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[2872] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 002F0804
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 002F01F8
.text C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe[2900] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\STacSV.exe[2944] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\STacSV.exe[2944] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\STacSV.exe[2944] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\STacSV.exe[2944] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\STacSV.exe[2944] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\STacSV.exe[2944] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\STacSV.exe[2944] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\STacSV.exe[2944] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001E0804
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Pogoplug\HBPLUG\HBWD.EXE[3020] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[3040] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3040] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3040] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[3064] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3080] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3080] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3080] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3080] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[3080] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[3080] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[3080] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[3080] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00190600
.text C:\Windows\System32\WLTRYSVC.EXE[3112] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001603FC
.text C:\Windows\System32\WLTRYSVC.EXE[3112] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001601F8
.text C:\Windows\System32\WLTRYSVC.EXE[3112] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\WLTRYSVC.EXE[3112] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\System32\WLTRYSVC.EXE[3112] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001F03FC
.text C:\Windows\System32\WLTRYSVC.EXE[3112] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001F0804
.text C:\Windows\System32\WLTRYSVC.EXE[3112] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001F01F8
.text C:\Windows\System32\WLTRYSVC.EXE[3112] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 002F0A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 002F03FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 002F0804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 002F01F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3160] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 002F0600
.text C:\Windows\System32\bcmwltry.exe[3168] KERNEL32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3456] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3456] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3456] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3456] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00300A08
.text C:\Windows\system32\svchost.exe[3456] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 003003FC
.text C:\Windows\system32\svchost.exe[3456] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00300804
.text C:\Windows\system32\svchost.exe[3456] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 003001F8
.text C:\Windows\system32\svchost.exe[3456] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00300600
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001E03FC
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001E0804
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001E01F8
.text C:\Program Files\Digital Line Detect\DLG.exe[3536] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001E0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001F0600
.text C:\Windows\System32\WLTRAY.EXE[3900] KERNEL32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\sttray.exe[3928] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Windows\sttray.exe[3928] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Windows\sttray.exe[3928] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\sttray.exe[3928] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00170A08
.text C:\Windows\sttray.exe[3928] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001703FC
.text C:\Windows\sttray.exe[3928] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00170804
.text C:\Windows\sttray.exe[3928] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001701F8
.text C:\Windows\sttray.exe[3928] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3972] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00210600
.text C:\Users\Administrator\Desktop\gmer.exe[4392] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001603FC
.text C:\Users\Administrator\Desktop\gmer.exe[4392] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001601F8
.text C:\Users\Administrator\Desktop\gmer.exe[4392] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Users\Administrator\Desktop\gmer.exe[4392] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001A0A08
.text C:\Users\Administrator\Desktop\gmer.exe[4392] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001A03FC
.text C:\Users\Administrator\Desktop\gmer.exe[4392] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001A0804
.text C:\Users\Administrator\Desktop\gmer.exe[4392] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001A01F8
.text C:\Users\Administrator\Desktop\gmer.exe[4392] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001A0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00110804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4456] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00110600
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 001503FC
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 001501F8
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 001F0804
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Pogoplug\PPFS.EXE[4716] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\wuauclt.exe[4784] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\wuauclt.exe[4784] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000B01F8
.text C:\Windows\system32\wuauclt.exe[4784] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4784] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 000D0A08
.text C:\Windows\system32\wuauclt.exe[4784] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 000D03FC
.text C:\Windows\system32\wuauclt.exe[4784] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 000D0804
.text C:\Windows\system32\wuauclt.exe[4784] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\wuauclt.exe[4784] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 000D0600
.text C:\Windows\System32\svchost.exe[5452] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[5452] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[5452] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5452] user32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00370A08
.text C:\Windows\System32\svchost.exe[5452] user32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 003703FC
.text C:\Windows\System32\svchost.exe[5452] user32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00370804
.text C:\Windows\System32\svchost.exe[5452] user32.dll!SetWinEventHook 753A507E 5 Bytes JMP 003701F8
.text C:\Windows\System32\svchost.exe[5452] user32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00370600
.text C:\Windows\Explorer.exe[5460] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.exe[5460] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.exe[5460] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]
.text C:\Windows\Explorer.exe[5460] USER32.dll!UnhookWindowsHookEx 7539CC7B 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.exe[5460] USER32.dll!UnhookWinEvent 7539D924 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.exe[5460] USER32.dll!SetWindowsHookExW 753A210A 5 Bytes JMP 00110804
.text C:\Windows\Explorer.exe[5460] USER32.dll!SetWinEventHook 753A507E 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.exe[5460] USER32.dll!SetWindowsHookExA 753C6DFA 5 Bytes JMP 00110600
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrUnloadDll 76EFBEAF 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrLoadDll 76EFF5B5 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[6012] kernel32.dll!GetBinaryTypeW + 70 76CD78FC 1 Byte [62]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:4904] A188DF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{85AFFCE1-E59E-4CDF-8608-80BFD3AA6246}
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\8C7083C5-9A2D-42CD-BAA5-6B05325BDA02@IPAddress 127.0.0.1

---- EOF - GMER 1.0.15 ----

I've attached the ComboFix log because my post was too long otherwise.

Attached File(s)



#9 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 02 August 2011 - 10:54 AM

How's the computer running now?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) and ASAP (Alliance of Security Analysis Professionals)

#10 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 03 August 2011 - 10:08 AM

My computer seems to be running better. I can run virus scans again, whereas before I couldn't.

ESET is on hour 16 of the scan, but I did get the threats found log; here it is:

C:\ProgramData\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\7f1066-768-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\809fd9-1700-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\884d76-15ec-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat Win32/Rootkit.Agent.NUT trojan
C:\ProgramData\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\1186436690.sys.vir Win32/Rootkit.Agent.NTT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\7f1066-768-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\809fd9-1700-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\884d76-15ec-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Users\All Users\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat Win32/Rootkit.Agent.NUT trojan
C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys Win32/Rootkit.Agent.NUT trojan

Do you want me to try re-running ESET? And is there a way to exclude cloud drives/non-system drives, because those are where ESET seems to get stuck?

#11 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 03 August 2011 - 10:27 AM

Hi,

No need to re-run ESET; we need a second opinion about what ESET reported.


Please go to http://virscan.org/
  • Copy the following file paths into the "Suspicious files to scan" box at the top of the page:

    C:\ProgramData\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat
    C:\ProgramData\Alwil Software\Avast5\arpot\7f1066-768-0.dat
    C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp


#12 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 04 August 2011 - 11:39 AM

The re-scan button is grayed out so I can't click it. This is the only one that would scan:

C:\ProgramData\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat

VirSCAN.org Scanned Report :
Scanned time : 2011/08/04 09:28:49 (MDT)
Scanner results: 62% Scanner(s) (23/37) found malware!
File Name : 7eacb5-1584-0.dat
File Size : 118784 byte
File Type : PE32 executable for MS Windows (DLL) (native) Intel 80386 32
MD5 : 45d2b44f588db8e536240d8829e60d7c
SHA1 : c4d11b088ffbe7ec5eb0cfebd6757f9b0c8b1e6e
Online report : http://r.virscan.org/d616a0d29ad90d8ce4f4bcffd5d0c93a

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110804172630 2011-08-04 0.30 Trojan-Dropper.Win32.Sirefef!IK
AhnLab V3 ... .. -- 1.05 -
AntiVir 8.2.6.22 7.11.12.216 2011-08-04 0.66 TR/Rootkit.Gen
Antiy 2.0.18 20110804.11725727 2011-08-04 0.02 -
Arcavir 2011 201107140423 2011-07-14 0.15 Rootkit.Zaccess.C
Authentium 5.1.1 201108041422 2011-08-04 1.58 -
AVAST! 4.7.4 110804-0 2011-08-04 0.01 Win32:Sirefef-E [Rtk]
AVG 8.5.850 271.1.1/3809 2011-08-04 0.59 BackDoor.Generic13.COQK
BitDefender 7.90123.8708857 7.38509 2011-08-04 4.94 Gen:Variant.Sirefef.1
ClamAV 0.97.1 13399 2011-08-04 0.09 Trojan.Rootkit-2995
Comodo 5.1 9627 2011-08-04 1.85 TrojWare.Win32.Rootkit.ZAccess.A
CP Secure 1.3.0.5 2011.08.04 2011-08-04 0.10 -
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 14.77 -
F-Prot 4.6.2.117 20110803 2011-08-03 0.85 -
F-Secure 7.02.73807 2011.08.04.05 2011-08-04 0.20 Rootkit.Win32.ZAccess.c [AVP]
Fortinet 4.2.257 13.510 2011-08-03 0.24 -
GData 22.1530 20110804 2011-08-04 0.12 -
ViRobot 20110804 2011.08.04 2011-08-04 0.45 -
Ikarus T3.1.32.20.0 2011.08.04.79001 2011-08-04 5.11 Trojan-Dropper.Win32.Sirefef
JiangMin 13.0.900 2011.08.03 2011-08-03 1.65 Rootkit.ZAccess.ae
Kaspersky 5.5.10 2011.08.04 2011-08-04 0.10 Rootkit.Win32.ZAccess.c
KingSoft 2009.2.5.15 2011.8.4.18 2011-08-04 1.07 -
McAfee 5400.1158 6427 2011-08-03 9.70 Generic Rootkit.ev
Microsoft 1.7104 2011.08.04 2011-08-04 5.23 TrojanDropper:Win32/Sirefef.B
NOD32 3.0.21 6349 2011-08-04 0.02 Win32/Rootkit.Agent.NUT trojan
Norman 6.07.10 6.07.00 2011-08-03 24.08 -
Panda 9.05.01 2011.08.04 2011-08-04 2.73 Generic Trojan
Trend Micro 9.200-1012 8.332.01 2011-08-04 0.04 -
Quick Heal 11.00 2011.08.04 2011-08-04 1.00 RootKit.ZAccess.A
Rising 20.0 23.69.03.03 2011-08-04 2.35 -
Sophos 3.22.0 4.68 2011-08-04 3.74 Troj/ZAccess-D
Sunbelt 3.9.2497.2 10062 2011-08-04 0.69 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20110803.001 2011-08-03 0.09 Hacktool.Rootkit
nProtect 20110803.04 12178473 2011-08-03 2.74 Gen:Variant.Sirefef.1
The Hacker 6.7.0.1 v00269 2011-08-03 0.48 Trojan/ZAccess.c
VBA32 3.12.16.4 20110804.0825 2011-08-04 7.08 SScope.Rootkit.ZAccess.01340
VirusBuster 5.3.0.4 14.0.151.1/5777894 2011-08-04 0.02 -

#13 User is offline   sempai 

  • noypi
  • Group: Malware Response Team
  • Posts: 5,161
  • Joined: 30-June 06
  • Gender:Male
  • Location:3 stars and a sun

Posted 04 August 2011 - 12:17 PM

Do the following please.

1. We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".

    :Files
    C:\ProgramData\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\7f1066-768-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\809fd9-1700-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\884d76-15ec-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat 
    C:\ProgramData\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\7f1066-768-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\809fd9-1700-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\884d76-15ec-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat 
    C:\Users\All Users\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat 
    
    :Commands
    [Reboot]
    


  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



2. Please download SystemLook from jpshortstuff and save it to your Desktop

  • Double-click the SystemLook and copy/paste the following into the box
    :filefind
    ndiswan.sys

  • Hit the Look button. Let it finish the scan.
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.

~Semp


#14 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 04 August 2011 - 11:37 PM

========== FILES ==========
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\7f1066-768-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\809fd9-1700-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\884d76-15ec-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat scheduled to be moved on reboot.
File move failed. C:\ProgramData\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\7eacb5-1584-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\7f1066-768-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\809fd9-1700-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\884d76-15ec-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\8c18fe-f2c-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\8caed7-16fc-0.dat scheduled to be moved on reboot.
File move failed. C:\Users\All Users\Alwil Software\Avast5\arpot\8d1373-b3c-0.dat scheduled to be moved on reboot.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.18.0 log created on 08042011_223356

#15 User is offline   Ketty Loffer 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 04-July 11

Posted 04 August 2011 - 11:49 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:36 on 04/08/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "ndiswan.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_f53ffaacb58ce159\ndiswan.sys --a---- 118784 bytes [15:25 19/07/2011] [10:07 20/11/2010] 38FBE267E7E6983311179230FACB1017
C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys --a---- 118784 bytes [23:54 13/07/2009] [23:54 13/07/2009] 45D2B44F588DB8E536240D8829E60D7C

-= EOF =-
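The SystemLook result above is the piece of evidence the earlier scans were missing: the copy of ndiswan.sys under C:\Windows\winsxs carries MD5 45D2B44F588DB8E536240D8829E60D7C, which is exactly the hash VirSCAN reported in #12 for the arpot\7eacb5-1584-0.dat sample that 23 of 37 engines flagged (both files are also 118784 bytes). The script below is an added example, not code from SystemLook, VirSCAN.org or this thread, that does this hash correlation mechanically: it parses the two log formats as they appear in #12 and #15 and reports which on-disk file shares the flagged sample's MD5. The two inputs are constructed excerpts of those posts (the VirSCAN excerpt keeps only eight of the 37 engine rows), and the column layouts the regular expressions expect are inferred from those posts rather than from any published format specification.

```python
"""Correlate a SystemLook 'filefind' log with a VirSCAN.org report by MD5.

Added example for this thread, not code from SystemLook, VirSCAN.org or
BleepingComputer. Both inputs below are constructed excerpts of the logs
posted in #12 and #15; the column layouts the regexes expect are inferred
from those two posts and are an assumption about the tools' formats.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the SystemLook log from #15. Raw string: the
# Windows paths contain sequences such as \x86 that Python would otherwise
# treat as escapes.
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 22:36 on 04/08/2011 by Administrator

========== filefind ==========

Searching for "ndiswan.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7601.17514_none_f53ffaacb58ce159\ndiswan.sys --a---- 118784 bytes [15:25 19/07/2011] [10:07 20/11/2010] 38FBE267E7E6983311179230FACB1017
C:\Windows\winsxs\x86_microsoft-windows-rasbase-ndiswan_31bf3856ad364e35_6.1.7600.16385_none_f30ee6e4b89e5dbf\ndiswan.sys --a---- 118784 bytes [23:54 13/07/2009] [23:54 13/07/2009] 45D2B44F588DB8E536240D8829E60D7C

-= EOF =-
"""

# Constructed excerpt of the VirSCAN report from #12: the header plus eight
# of the 37 engine rows.
VIRSCAN_REPORT = """
VirSCAN.org Scanned Report :
Scanned time : 2011/08/04 09:28:49 (MDT)
Scanner results: 62% Scanner(s) (23/37) found malware!
File Name : 7eacb5-1584-0.dat
File Size : 118784 byte
MD5 : 45d2b44f588db8e536240d8829e60d7c
SHA1 : c4d11b088ffbe7ec5eb0cfebd6757f9b0c8b1e6e

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110804172630 2011-08-04 0.30 Trojan-Dropper.Win32.Sirefef!IK
AhnLab V3 ... .. -- 1.05 -
AVAST! 4.7.4 110804-0 2011-08-04 0.01 Win32:Sirefef-E [Rtk]
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 14.77 -
Kaspersky 5.5.10 2011.08.04 2011-08-04 0.10 Rootkit.Win32.ZAccess.c
NOD32 3.0.21 6349 2011-08-04 0.02 Win32/Rootkit.Agent.NUT trojan
Trend Micro 9.200-1012 8.332.01 2011-08-04 0.04 -
Quick Heal 11.00 2011.08.04 2011-08-04 1.00 RootKit.ZAccess.A
"""

# One filefind hit: <path> <attrs> <size> bytes [<ts>] [<ts>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attr>[-\w]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# VirSCAN header fields we care about.
HEADER_RE = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.+?)\s*$")
# One engine row; engine names may contain spaces ("Trend Micro"), so the
# row is anchored on the signature date column ("--" when the engine had none).
ENGINE_RE = re.compile(
    r"^(?P<engine>.+?) (?P<ver>\S+) (?P<sig>\S+) (?P<date>\d{4}-\d{2}-\d{2}|--) "
    r"(?P<time>\d+\.\d+) (?P<result>.+?)\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str  # normalised to lowercase hex so it compares with VirSCAN's
    timestamps: tuple[str, str]


def parse_filefind(log: str) -> list[FileHit]:
    """Return every file line from a SystemLook :filefind section."""
    hits = []
    for line in log.splitlines():
        m = FILEFIND_RE.match(line)
        if m:
            hits.append(FileHit(m["path"], int(m["size"]), m["md5"].lower(),
                                (m["ts1"], m["ts2"])))
    return hits


def parse_virscan(report: str) -> dict:
    """Pull the sample's identity and the per-engine verdicts out of a report."""
    info: dict = {"engines": []}
    for line in report.splitlines():
        h = HEADER_RE.match(line)
        if h:
            key, value = h.groups()
            if key == "File Size":
                info["size"] = int(value.split()[0])
            elif key == "File Name":
                info["file_name"] = value
            else:
                info[key.lower()] = value.lower()
            continue
        e = ENGINE_RE.match(line)
        if e:
            info["engines"].append((e["engine"], e["result"]))
    return info


def detection_summary(report: dict) -> tuple[int, int]:
    """(engines that flagged the sample, engines that returned a row)."""
    results = [r for _, r in report["engines"]]
    return sum(1 for r in results if r != "-"), len(results)


def correlate(hits: list[FileHit], report: dict) -> list[FileHit]:
    """On-disk files whose MD5 equals the multi-engine-flagged sample's MD5."""
    return [h for h in hits if h.md5 == report["md5"]]


if __name__ == "__main__":
    hits = parse_filefind(SYSTEMLOOK_LOG)
    report = parse_virscan(VIRSCAN_REPORT)
    flagged, total = detection_summary(report)
    print(f"VirSCAN sample {report['file_name']} md5={report['md5']} "
          f"flagged by {flagged}/{total} engines in this excerpt")
    same = set(correlate(hits, report))
    for hit in hits:
        tag = "SAME HASH AS FLAGGED SAMPLE" if hit in same else "different hash"
        print(f"{hit.md5}  {hit.size:>7} bytes  {tag}\n    {hit.path}")
```

Run stand-alone, it marks the winsxs ndiswan.sys as carrying the flagged sample's hash and the SoftwareDistribution copy (a different build, 6.1.7601.17514) as a different hash. A differing hash on its own says nothing about that second copy; the point of the correlation is the positive match, which tells the responder which of the two files the SystemLook query was really after.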
