Solved secure port believed hijacked

[Resolved] secure port believed hijacked

Hello I believe I have been invaded by malware that prevents my https secure port from closing. I posted this problem here:
http://www.windowsbbs.com/networking/98949-wireless-modem-wont-connect-stream.html
I talked to a support person at US Cellular and he thinks there is malware preventing my secure connection. The router I use takes the cell aircard internet and redistributes it via wifi. Someone has planted something and I get redirected when trying to update any malware (malware bytes & immunizer) software.
The support guy said it may be a keylogger and explained it is like someone has their foot in a door preventing it from closing.
I installed the following at his suggestion. IObits advanced and IObits 360 also malware imunizer.

HJT log deleted by Moderator - not required.

 

Thanks Pete. I will do.
One question, is it okay to download the utilities to a flash drive on an uninfected machine then drag them to the desktop of the infected?

 

okay guys, I have some of the requested log files.
I have two laptops that seem to have the same problem of not able to connect to the java based streaming quotes.
The one that created the following logs and I am using to post is an older Toshiba Satellite laptop with XP SP2 running avast AV, connecting to the internet via a cellular aircard Pantek UM175 and a cradlepoint MBR900 wifi router. The aircard is plugged into the router and it transmits to two laptops via wifi.Until I reset up the router is reset-up with password protection I am using the aircard plugged into the usb of the laptop.
The other machine is a newer Toshiba duo core running Win7 64bit. This machine doesn't run the complete gmer scan, it only checks from services down and I can not put a check mark in "system through libraries" boxes.
I think we should fix one at a time.
This first one will not run DDS and looks like it is scanning but syops and I am unable to close it or do anything else, locks up except for the moving of the mouse. I need to hold the power button to reboot and exit.
Malwarebytes did not find any thing, log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6571

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/13/2011 9:16:35 PM
mbam-log-2011-05-13 (21-16-35).txt

Scan type: Quick scan
Objects scanned: 137062
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Ran well and I know Avast was suspended when it ran:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 22:10:41
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX rev.PA100U
Running: h59xj5j9.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwldyfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF1AD0202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF1B36CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF1AF46C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF1AD281C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF1AD2874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF1AD298A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF1AF4075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF1AD2772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF1AD28C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF1AD27C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF1AD2938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF1AD0226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF1AF4D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF1AF503D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF1AD2C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1AF4BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1AF4A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF1B36D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF1ACFFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF1AD024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF1AD2D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF1AD0CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF1AD284C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF1AD289C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF1AD29B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF1AF43D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF1AD279E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF1AD2A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF1AD2904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF1AD27F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF1AD2B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF1AD2962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF1B36DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF1AF48D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF1AD0BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF1AF472A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1B3FE48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF1AF36E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF1AD026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF1AD0292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF1AD004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF1AD0186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF1AF4E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF1AD0162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF1AD01AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF1AD02B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF1B4C902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2694 80501E8C 4 Bytes CALL BD41CDC7
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B490 4 Bytes CALL F1AD1335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B18C6 5 Bytes JMP F1B482BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B85B4 5 Bytes JMP F1B49D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C6E90 7 Bytes JMP F1B4C906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809ACE 5 Bytes JMP F1AD3CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FB49 5 Bytes JMP F1AD3BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF825555 5 Bytes JMP F1AD2F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8342D1 5 Bytes JMP F1AD3E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4567 BF8369D9 5 Bytes JMP F1AD4040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + ED7E BF8411F0 5 Bytes JMP F1AD3B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + F667 BF841AD9 5 Bytes JMP F1AD2FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + D226 BF85B57E 5 Bytes JMP F1AD2E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF871090 5 Bytes JMP F1AD31AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF87111B 5 Bytes JMP F1AD3352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF8758B0 5 Bytes JMP F1AD3C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894BF1 5 Bytes JMP F1AD332A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B678D 5 Bytes JMP F1AD3D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA199 5 Bytes JMP F1AD2E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF704 5 Bytes JMP F1AD3F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C3275 5 Bytes JMP F1AD306A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 5046 BF8EDCF3 5 Bytes JMP F1AD30DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 52C6 BF8EDF73 5 Bytes JMP F1AD3114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 74F7 BF8F01A4 5 Bytes JMP F1AD2DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF912FBD 5 Bytes JMP F1AD2F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913B91 5 Bytes JMP F1AD3034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF9164F0 5 Bytes JMP F1AD346C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 191A BF9443B8 5 Bytes JMP F1AD3EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\LEXBCES.EXE[268] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[268] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[268] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\LEXBCES.EXE[268] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\LEXBCES.EXE[268] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\LEXBCES.EXE[268] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\LEXBCES.EXE[268] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[268] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[296] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[296] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[296] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[296] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[296] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[296] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[296] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[296] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[300] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\LEXPPS.EXE[300] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\LEXPPS.EXE[300] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[300] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[300] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[300] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[300] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\drivers\CDAC11BA.EXE[452] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003A1014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003A0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003A0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003A0C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003A0E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003A01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003A03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003A0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003B0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003B0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003B0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003B01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[504] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\smss.exe[584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[620] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[640] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC

 

continued:
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[684] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\services.exe[708] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[708] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\services.exe[708] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[708] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[720] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[720] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[720] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[720] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[720] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[884] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[884] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\Ati2evxx.exe[884] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\Ati2evxx.exe[884] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\Ati2evxx.exe[884] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\Ati2evxx.exe[884] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[884] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[976] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text c:\TOSHIBA\IVP\swupdate\swupdtmr.exe[1140] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ACS.exe[1216] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\ACS.exe[1216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ACS.exe[1216] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\ACS.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ACS.exe[1216] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\ACS.exe[1216] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\ACS.exe[1216] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\ACS.exe[1216] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\ACS.exe[1216] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003C1014
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003C0E10
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\ACS.exe[1216] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1340] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Documents and Settings\Owner\Desktop\h59xj5j9.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Documents and Settings\Owner\Desktop\h59xj5j9.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1464] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\Explorer.EXE[1464] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
.text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1464] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1716] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1716] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2340] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2340] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2396] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003D0600
.text

 

And lastly:
C:\Program Files\Apoint2K\Apoint.exe[2420] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint2K\Apoint.exe[2420] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Apoint2K\Apoint.exe[2420] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint2K\Apoint.exe[2420] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Apoint2K\Apoint.exe[2420] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Apoint2K\Apoint.exe[2420] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint2K\Apoint.exe[2420] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\Program Files\Apoint2K\Apoint.exe[2420] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001601F8
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001603FC
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\Toshiba\Tvs\TvsTray.exe[2428] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe[2436] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Apoint2K\Apntex.exe[2828] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\Apoint2K\Apntex.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[2828] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\Apoint2K\Apntex.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Apoint2K\Apntex.exe[2828] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\Program Files\Apoint2K\Apntex.exe[2828] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\Program Files\Apoint2K\Apntex.exe[2828] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\Program Files\Apoint2K\Apntex.exe[2828] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\Program Files\Apoint2K\Apntex.exe[2828] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe[2876] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe[2884] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001601F8
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001603FC
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[2892] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00391014
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00390804
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00390A08
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00390C0C
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00390E10
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003901F8
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003903FC
.text C:\Program Files\TOSHIBA\TouchPad\TPTray.exe[2900] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\TPSMain.exe[3004] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001601F8
.text C:\WINDOWS\system32\TPSMain.exe[3004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\TPSMain.exe[3004] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001603FC
.text C:\WINDOWS\system32\TPSMain.exe[3004] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\TPSMain.exe[3004] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\TPSMain.exe[3004] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\TPSMain.exe[3004] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003D0600
.text C:\WINDOWS\system32\TPSMain.exe[3004] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\TPSMain.exe[3004] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003E1014
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003E0E10
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\TPSMain.exe[3004] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003E0600
.text C:\WINDOWS\AGRSMMSG.exe[3020] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\AGRSMMSG.exe[3020] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3020] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\AGRSMMSG.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\AGRSMMSG.exe[3020] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\AGRSMMSG.exe[3020] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\AGRSMMSG.exe[3020] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\AGRSMMSG.exe[3020] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\AGRSMMSG.exe[3020] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\AGRSMMSG.exe[3020] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\ZoomingHook.exe[3028] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3064] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3092] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3092] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3092] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3092] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\ctfmon.exe[3092] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\ctfmon.exe[3092] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[3092] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[3092] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[3092] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[3092] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\RAMASST.exe[3160] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\RAMASST.exe[3160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3160] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\RAMASST.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3160] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\RAMASST.exe[3160] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\RAMASST.exe[3160] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\RAMASST.exe[3160] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\RAMASST.exe[3160] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\RAMASST.exe[3160] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916ADA 1 Byte [62]
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\TPSBattM.exe[3212] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\TPSBattM.exe[3212] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\TPSBattM.exe[3212] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\TPSBattM.exe[3212] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\TPSBattM.exe[3212] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\TPSBattM.exe[3212] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 77E36EC9 5 Bytes JMP 003B1014
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 77E36FB1 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 77E37149 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 77E37249 5 Bytes JMP 003B0C0C
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 77E372D1 5 Bytes JMP 003B0E10
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!CreateServiceA 77E37359 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!CreateServiceW 77E374F1 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\TPSBattM.exe[3212] ADVAPI32.dll!DeleteService 77E375F9 5 Bytes JMP 003B0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005D0002
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

Here is the MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 150):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806CF000 \WINDOWS\system32\hal.dll
0xF7B1C000 \WINDOWS\system32\KDCOM.DLL
0xF7A2C000 \WINDOWS\system32\BOOTVID.dll
0xF74ED000 ACPI.sys
0xF7B1E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74DC000 pci.sys
0xF761C000 isapnp.sys
0xF7A30000 compbatt.sys
0xF7A34000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BE4000 pciide.sys
0xF789C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74BE000 pcmcia.sys
0xF762C000 MountMgr.sys
0xF749F000 ftdisk.sys
0xF7A38000 ACPIEC.sys
0xF7BE5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF78A4000 PartMgr.sys
0xF763C000 VolSnap.sys
0xF7487000 atapi.sys
0xF764C000 disk.sys
0xF765C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7467000 fltMgr.sys
0xF7455000 sr.sys
0xF7440000 drvmcdb.sys
0xF78AC000 PxHelp20.sys
0xF7429000 KSecDD.sys
0xF7416000 WudfPf.sys
0xF7389000 Ntfs.sys
0xF735C000 NDIS.sys
0xF7341000 Mup.sys
0xF7A3C000 atisgkaf.sys
0xF787C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7173000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF715F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF793C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF713C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7944000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF788C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF794C000 \SystemRoot\system32\drivers\pfc.sys
0xF7B42000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF767C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF768C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7119000 \SystemRoot\system32\DRIVERS\ks.sys
0xF769C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7954000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7100000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF795C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7301000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6FBA000 \SystemRoot\system32\DRIVERS\athw.sys
0xF6FA8000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF6D72000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6D4E000 \SystemRoot\system32\drivers\portcls.sys
0xF76AC000 \SystemRoot\system32\drivers\drmk.sys
0xF796C000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF76BC000 \SystemRoot\system32\DRIVERS\wowxt_kern_i386.sys
0xF7974000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF6C49000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF797C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7C49000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C0A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7984000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BF9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76FC000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF798C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7994000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF770C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B44000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BA0000 \SystemRoot\system32\DRIVERS\update.sys
0xF72E5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF772C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF777C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B46000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B4C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D2D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B4E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79B4000 \SystemRoot\system32\drivers\ssrtln.sys
0xF79BC000 \SystemRoot\System32\drivers\vga.sys
0xF7B50000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B52000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF1D42000 \SystemRoot\System32\Drivers\meiudf.sys
0xF1D31000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF79C4000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79CC000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF72B0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1D1E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF1CC6000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF779C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF1C9E000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF79D4000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF1C7C000 \SystemRoot\System32\drivers\afd.sys
0xF77AC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF72A4000 \SystemRoot\System32\Drivers\TPwSav.sys
0xF7B54000 \SystemRoot\System32\Drivers\SSIoMngr.sys
0xF7B56000 \SystemRoot\System32\Drivers\EKIoMngr.sys
0xF1C5A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF79DC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF1C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF1BC0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF77BC000 \SystemRoot\System32\Drivers\Fips.SYS
0xF1B9F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77CC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF1B2D000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF1ABD000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF79F4000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF1A7D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B6A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6B4A000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79FC000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xF7C37000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
0xBFA12000 \SystemRoot\System32\ati2cqag.dll
0xBFA44000 \SystemRoot\System32\atikvmag.dll
0xBFA76000 \SystemRoot\System32\ati3duag.dll
0xBFCAA000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEF9D1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF6AD2000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7BBA000 \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
0xF7CE4000 \SystemRoot\system32\dla\tfsndres.sys
0xEF927000 \SystemRoot\system32\dla\tfsnifs.sys
0xEF9C9000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7BBC000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7A0C000 \SystemRoot\system32\dla\tfsnboio.sys
0xF6AB2000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CE5000 \SystemRoot\system32\dla\tfsndrct.sys
0xEF90E000 \SystemRoot\system32\dla\tfsnudf.sys
0xEF8F5000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEF845000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xEF839000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEF835000 \SystemRoot\system32\DRIVERS\netdevio.sys
0xEF5BE000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEF301000 \SystemRoot\system32\drivers\wdmaud.sys
0xEF4DE000 \SystemRoot\system32\drivers\sysaudio.sys
0xEF41E000 \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS
0xF7B94000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xEF3AE000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xEF0A9000 \SystemRoot\system32\DRIVERS\srv.sys
0xEEE49000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEECD0000 \SystemRoot\System32\Drivers\HTTP.sys
0xEF7FD000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xEEA34000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\pwldyfog.sys
0xEEA09000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
584 C:\WINDOWS\system32\smss.exe
640 csrss.exe
664 C:\WINDOWS\system32\winlogon.exe
708 C:\WINDOWS\system32\services.exe
720 C:\WINDOWS\system32\lsass.exe
884 C:\WINDOWS\system32\ati2evxx.exe
900 C:\WINDOWS\system32\svchost.exe
976 svchost.exe
1016 C:\WINDOWS\system32\svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1216 C:\WINDOWS\system32\acs.exe
1340 C:\WINDOWS\system32\ati2evxx.exe
1420 svchost.exe
1464 C:\WINDOWS\explorer.exe
1716 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
268 C:\WINDOWS\system32\LEXBCES.EXE
296 C:\WINDOWS\system32\spoolsv.exe
300 C:\WINDOWS\system32\LEXPPS.EXE
452 C:\WINDOWS\system32\drivers\CDAC11BA.EXE
504 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
620 C:\WINDOWS\system32\DVDRAMSV.exe
684 C:\Program Files\Java\jre6\bin\jqs.exe
1124 C:\WINDOWS\system32\svchost.exe
1140 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
2340 alg.exe
2396 C:\WINDOWS\system32\dla\tfswctrl.exe
2420 C:\Program Files\Apoint2K\Apoint.exe
2428 C:\Program Files\Toshiba\Tvs\TvsTray.exe
2436 C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
2732 svchost.exe
2828 C:\Program Files\Apoint2K\ApntEx.exe
2876 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
2884 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
2892 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
2900 C:\Program Files\Toshiba\TouchPad\TPTray.exe
3004 C:\WINDOWS\system32\TPSMain.exe
3020 C:\WINDOWS\agrsmmsg.exe
3028 C:\WINDOWS\system32\ZoomingHook.exe
3064 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
3092 C:\WINDOWS\system32\ctfmon.exe
3160 C:\WINDOWS\system32\RAMASST.exe
3212 C:\WINDOWS\system32\TPSBattM.exe
2192 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4026GAX, Rev: PA100U

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
Done!

As I said DDS would not run, how do I check if I have a script blocker?

Thanks in advance for helping me with this and I promise to better secure my router internet setup.
johnsdp (Dan)

 

broni, I was hoping you would take this on. You helped me fix a machine a couple years ago. Yes we are fixing the older Toshiba XP SP2 machine first.
This infection is pretty smart. Sometimes when I go to a page or post a reply (this is my second attempt on this one) it says "done "yet the page is blank. Then when I hit back all my typing is gone.
The TDSSKiller said it did not find an infection.
Did the logs I was able to post from the other scans indicate an infection?
Also I am using this machine to download and post here, I assume that it is okay to use it while we fix it. If not and I will quarantine it and use a flash drive with a known uninfected PC.
Thanks again broni,
Dan

Log:
2011/05/14 17:05:04.0924 3284 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/14 17:05:04.0954 3284 ================================================================================
2011/05/14 17:05:04.0954 3284 SystemInfo:
2011/05/14 17:05:04.0954 3284
2011/05/14 17:05:04.0954 3284 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/14 17:05:04.0954 3284 Product type: Workstation
2011/05/14 17:05:04.0954 3284 ComputerName: TOSHIBA-USER
2011/05/14 17:05:04.0954 3284 UserName: Owner
2011/05/14 17:05:04.0954 3284 Windows directory: C:\WINDOWS
2011/05/14 17:05:04.0954 3284 System windows directory: C:\WINDOWS
2011/05/14 17:05:04.0954 3284 Processor architecture: Intel x86
2011/05/14 17:05:04.0954 3284 Number of processors: 1
2011/05/14 17:05:04.0954 3284 Page size: 0x1000
2011/05/14 17:05:04.0954 3284 Boot type: Normal boot
2011/05/14 17:05:04.0954 3284 ================================================================================
2011/05/14 17:05:05.0234 3284 Initialize success
2011/05/14 17:05:08.0409 2992 ================================================================================
2011/05/14 17:05:08.0409 2992 Scan started
2011/05/14 17:05:08.0409 2992 Mode: Manual;
2011/05/14 17:05:08.0409 2992 ================================================================================
2011/05/14 17:05:09.0570 2992 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/14 17:05:09.0891 2992 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/14 17:05:09.0931 2992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/05/14 17:05:10.0071 2992 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/14 17:05:10.0161 2992 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/14 17:05:10.0311 2992 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/05/14 17:05:10.0642 2992 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/14 17:05:10.0972 2992 ApfiltrService (87ec3fdcaf6c5052e2e72b861dedd3d3) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/05/14 17:05:11.0082 2992 AR5211 (275521a350a6f770fea954d5b8b2d35b) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/05/14 17:05:11.0243 2992 AR5416 (43cb9e73a60d27ad069046b88cc4efeb) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/05/14 17:05:11.0493 2992 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/14 17:05:11.0573 2992 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/14 17:05:11.0623 2992 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/14 17:05:11.0713 2992 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/14 17:05:11.0783 2992 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/14 17:05:11.0843 2992 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/14 17:05:11.0924 2992 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/14 17:05:12.0114 2992 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/14 17:05:12.0274 2992 ati2mtag (c8dc21751c5684a14ec075fdd2473719) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/14 17:05:12.0374 2992 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/14 17:05:12.0444 2992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/14 17:05:12.0524 2992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/14 17:05:12.0595 2992 caboagp (906fcf0d1dc5b573015bbd21ef54bd88) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
2011/05/14 17:05:12.0675 2992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/14 17:05:12.0775 2992 CdaC15BA (82c4c6a2343b592c4fd590f625a724a9) C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2011/05/14 17:05:12.0835 2992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/14 17:05:12.0875 2992 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/14 17:05:12.0945 2992 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/14 17:05:13.0095 2992 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/14 17:05:13.0165 2992 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/14 17:05:13.0366 2992 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/14 17:05:13.0476 2992 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/14 17:05:13.0676 2992 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/14 17:05:13.0746 2992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/14 17:05:13.0826 2992 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/14 17:05:13.0906 2992 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/14 17:05:13.0967 2992 drvmcdb (f41619ae216b51d68dda163805eefaa9) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/14 17:05:14.0047 2992 drvnddm (2ff629c1c443e25d0149b9dfb77e43a8) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/14 17:05:14.0167 2992 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/14 17:05:14.0267 2992 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/14 17:05:14.0347 2992 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/14 17:05:14.0387 2992 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/14 17:05:14.0487 2992 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/14 17:05:14.0527 2992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/14 17:05:14.0567 2992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/14 17:05:14.0617 2992 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/14 17:05:14.0708 2992 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/14 17:05:14.0828 2992 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/14 17:05:15.0008 2992 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/14 17:05:15.0098 2992 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/14 17:05:15.0399 2992 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/14 17:05:15.0449 2992 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/14 17:05:15.0499 2992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/14 17:05:15.0539 2992 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/14 17:05:15.0599 2992 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/14 17:05:15.0669 2992 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/14 17:05:15.0749 2992 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/14 17:05:15.0829 2992 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/14 17:05:15.0899 2992 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/14 17:05:15.0969 2992 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/14 17:05:16.0030 2992 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/14 17:05:16.0190 2992 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/05/14 17:05:16.0270 2992 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/05/14 17:05:16.0330 2992 meiudf (63351a2b051dfc4e7bb41319c8c1ace4) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/05/14 17:05:16.0380 2992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/14 17:05:16.0450 2992 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/14 17:05:16.0520 2992 motccgp (e5e1c5fe66694909509b8ce7043194e2) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/05/14 17:05:16.0580 2992 motccgpfl (aad6191a4daa519f04ab12b2af73e356) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/05/14 17:05:16.0751 2992 motmodem (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/05/14 17:05:16.0801 2992 motport (5023875a94b0766d98a62a72bc4cb055) C:\WINDOWS\system32\DRIVERS\motport.sys
2011/05/14 17:05:16.0871 2992 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/14 17:05:16.0931 2992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/14 17:05:16.0991 2992 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/14 17:05:17.0101 2992 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/14 17:05:17.0201 2992 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/14 17:05:17.0301 2992 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/14 17:05:17.0371 2992 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/14 17:05:17.0422 2992 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/14 17:05:17.0452 2992 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/14 17:05:17.0522 2992 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/14 17:05:17.0562 2992 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/14 17:05:17.0622 2992 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/14 17:05:17.0702 2992 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/14 17:05:17.0762 2992 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/14 17:05:17.0802 2992 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/14 17:05:17.0832 2992 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/14 17:05:17.0872 2992 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/14 17:05:17.0932 2992 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/14 17:05:17.0992 2992 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/05/14 17:05:18.0062 2992 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/14 17:05:18.0213 2992 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/14 17:05:18.0443 2992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/14 17:05:18.0493 2992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/14 17:05:18.0533 2992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/14 17:05:18.0613 2992 PalmUSBD (945da25e897eeb2c64861c3cada00d3a) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/05/14 17:05:18.0683 2992 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/14 17:05:18.0723 2992 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/14 17:05:18.0783 2992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/14 17:05:18.0824 2992 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/14 17:05:18.0904 2992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/14 17:05:18.0974 2992 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/05/14 17:05:19.0044 2992 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/05/14 17:05:19.0374 2992 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/14 17:05:19.0424 2992 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/14 17:05:19.0505 2992 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/14 17:05:19.0575 2992 PTDUBus (ecd01774cdf331304f3ccb6f3a58ece0) C:\WINDOWS\system32\DRIVERS\PTDUBus.sys
2011/05/14 17:05:19.0645 2992 PTDUMdm (0a78b7b548549139de7ae500f6003a21) C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys
2011/05/14 17:05:19.0685 2992 PTDUVsp (b12c6736d3f10004fcf748984431ee7f) C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys
2011/05/14 17:05:19.0735 2992 PTDUWWAN (166e6e959b8daccab77f662908958885) C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys
2011/05/14 17:05:19.0785 2992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/14 17:05:19.0835 2992 PxHelp20 (f3a3b00666a40c6914b7b2864f7dc1c0) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/14 17:05:20.0196 2992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/14 17:05:20.0256 2992 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/14 17:05:20.0306 2992 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/14 17:05:20.0366 2992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/14 17:05:20.0446 2992 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/14 17:05:20.0496 2992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/14 17:05:20.0586 2992 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/14 17:05:20.0646 2992 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/14 17:05:20.0796 2992 RTL8023xp (1e7978c5e355407efdfc7b7328ef13e7) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/05/14 17:05:20.0866 2992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/14 17:05:21.0117 2992 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/14 17:05:21.0137 2992 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/14 17:05:21.0227 2992 SbcpHid (54bc894d4af6468f0c54f867f816a2e8) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/05/14 17:05:21.0317 2992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/14 17:05:21.0547 2992 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/14 17:05:21.0628 2992 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/14 17:05:21.0808 2992 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/14 17:05:21.0898 2992 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/14 17:05:22.0008 2992 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/14 17:05:22.0078 2992 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
2011/05/14 17:05:22.0118 2992 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
2011/05/14 17:05:22.0168 2992 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/14 17:05:22.0218 2992 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/14 17:05:22.0339 2992 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/14 17:05:22.0429 2992 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/14 17:05:22.0639 2992 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/14 17:05:22.0719 2992 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
2011/05/14 17:05:22.0829 2992 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/14 17:05:22.0909 2992 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/14 17:05:23.0080 2992 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/14 17:05:23.0150 2992 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/14 17:05:23.0200 2992 tfsnboio (2da3ca4022abb0802de7eeda574e78d6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/14 17:05:23.0240 2992 tfsncofs (c8d6928759b77701c21dc90ad61197f2) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/14 17:05:23.0280 2992 tfsndrct (bacdef5510fa643683cddca418e49446) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/14 17:05:23.0310 2992 tfsndres (3fc9f390fac563c3d3910d540adbd408) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/14 17:05:23.0350 2992 tfsnifs (6aef3ec0b64689536891a9b96e9d7b82) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/14 17:05:23.0390 2992 tfsnopio (7239873a72dd456f6e74e6987cdb9687) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/14 17:05:23.0430 2992 tfsnpool (b78631e3593ddd76a4a8ba7cb8e32302) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/14 17:05:23.0500 2992 tfsnudf (9e8b4abb93e5784fc4e5d3202566cc7a) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/14 17:05:23.0540 2992 tfsnudfa (056fa0a11ba4cd688e1e40e48ffee921) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/14 17:05:23.0640 2992 TPwSav (79ab8822b67c72bfd20e4f8bfd44ead2) C:\WINDOWS\system32\Drivers\TPwSav.sys
2011/05/14 17:05:23.0741 2992 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/05/14 17:05:23.0801 2992 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/14 17:05:23.0931 2992 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/14 17:05:24.0021 2992 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/14 17:05:24.0081 2992 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/14 17:05:24.0121 2992 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/14 17:05:24.0181 2992 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/14 17:05:24.0251 2992 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/14 17:05:24.0321 2992 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/14 17:05:24.0392 2992 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/14 17:05:24.0442 2992 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/14 17:05:24.0552 2992 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/14 17:05:24.0792 2992 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/14 17:05:24.0932 2992 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/14 17:05:25.0073 2992 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/14 17:05:25.0223 2992 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/14 17:05:25.0303 2992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/14 17:05:25.0363 2992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/14 17:05:25.0573 2992 ================================================================================
2011/05/14 17:05:25.0573 2992 Scan finished
2011/05/14 17:05:25.0573 2992 ================================================================================

 

I use firefox in fact I believe this all started when I updated to FF version 4.0.
It started acting weird right after the update so I removed it and reinstalled 3.XX. I have tried the streaming quotes at Scottrade using IE also with the same results.
Here is Unhook report:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xF6D72000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2318336 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBFA76000 C:\WINDOWS\System32\ati3duag.dll 2310144 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2062976 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2062976 bytes
0x804D7000 RAW 2062976 bytes
0x804D7000 WMIxWDM 2062976 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6FBA000 C:\WINDOWS\system32\DRIVERS\athw.sys 1335296 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xF7173000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1200128 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF6C49000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1069056 bytes (Agere Systems, SoftModem Device Driver)
0xBFCAA000 C:\WINDOWS\System32\ativvaxx.dll 606208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF7389000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF27E9000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xF28CB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6BA0000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xF29F2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEFB7D000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xF2881000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEF894000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF9D6000 C:\WINDOWS\System32\ati2dvag.dll 245760 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFA12000 C:\WINDOWS\System32\ati2cqag.dll 204800 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBFA44000 C:\WINDOWS\System32\atikvmag.dll 204800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF74ED000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF735C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEF5E9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF293A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF29A9000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6D4E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7119000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF713C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2987000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF2965000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF29D1000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7467000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF749F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74BE000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7341000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7100000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xF2A96000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF063A000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF0621000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7487000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF27A9000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF0402000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7429000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6C32000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF0653000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7440000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEFDD5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF715F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806CF000 ACPI_HAL 81152 bytes
0x806CF000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF2A4A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7416000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF6FA8000 C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 73728 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF7455000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74DC000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6BF9000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF2A85000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF04A1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76CC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76AC000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0142000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF779C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF769C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF765C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76BC000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76EC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF763C000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF770C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF768C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF762C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76FC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF77CC000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF777C000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF774C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEFDC5000 C:\WINDOWS\system32\Drivers\SbcpHid.sys 40960 bytes (-, -)
0xF772C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF764C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF77FC000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF767C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF761C000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF771C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF77EC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF85C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF77BC000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF77DC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF76DC000 C:\WINDOWS\system32\DRIVERS\wowxt_kern_i386.sys 36864 bytes (-, SRS Labs WOW XT kernel DLL)
0xF794C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79F4000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7934000 C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys 32768 bytes (-, SRS Labs TruSurround XT kernel DLL)
0xF792C000 C:\WINDOWS\system32\DRIVERS\Tvs.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Audio Filter Driver)
0xF789C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF793C000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF78D4000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78F4000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF78FC000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7904000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78E4000 C:\WINDOWS\system32\drivers\pfc.sys 24576 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xF7A1C000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF79CC000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF79D4000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7A14000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF79E4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78A4000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF797C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78AC000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF798C000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF796C000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78CC000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF7924000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEFBFF000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF7A3C000 atisgkaf.sys 16384 bytes (ATI Technologies Inc., ATI AGP GART Driver)
0xF7A34000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7319000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF06BD000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF72F1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0575000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6C26000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7A38000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF0701000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7A2C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEFF26000 C:\WINDOWS\system32\drivers\CDAC15BA.SYS 12288 bytes
0xF7A30000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF2A5D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7305000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF0569000 C:\WINDOWS\system32\DRIVERS\netdevio.sys 12288 bytes (TOSHIBA Corporation., Network Device Usermode I/O protocol)
0xF72B0000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7298000 C:\WINDOWS\System32\Drivers\TPwSav.sys 12288 bytes (TOSHIBA , IO Driver For TOSHIBA Power Saver)
0xF7B38000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B5E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B4A000 C:\WINDOWS\System32\Drivers\EKIoMngr.sys 8192 bytes (COMPAL ELECTRONIC INC., IoManager Application)
0xF7B34000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B1C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B78000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xF7B3C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B40000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B22000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7B46000 C:\WINDOWS\System32\Drivers\SSIoMngr.sys 8192 bytes (COMPAL ELECTRONIC INC., IoManager Application)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B42000 C:\WINDOWS\system32\drivers\TBiosDrv.sys 8192 bytes
0xF7B48000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7B30000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B1E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CBD000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CF3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CF1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BE5000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7BE4000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7CE4000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7CDC000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================


Nothing detected

 

broni, sorry you kind of started in the middle. My original post has a link to another post from that started this.
Basically about 10 days ago I was no longer able to connect to a java based streaming quote utility from within my Scottrade account.
http://www.scottrade.com/online-trading/trading-platform-scottrader.html
When you are an account holder you click on a link and it downloads and opens (java 6 splash screen) a frame that shows ticker symbols you pick along with real time trade prices and quantities. If you go to the above link you will see the main screen in the middle has a "connection status" indicator on the bottom right that is red or green. When I load it up it shows a snapshot of my tickers and the current data at the time it loads. It does not stream or refresh and the status shows not connected.
They recently (6 months ago) changed the way they send the data, here is an old tech sheet that talks about the HTTP vs HTTPS and port 443....

"There are two ways Scottrader can connect to our servers, a "socket connection" and a "HTTP Connection ". A socket connection is a secured connection using port 443 to exchange market and account data. It most cases, this is a fast and stable connection. We would recommend using this type of connection for best results. The HTTP connection is also secured, but uses a browser-like connection to our servers. It is capable of transporting data, but is not the fastest way to do so. HTTP is often used when port 443 is blocked.
http://research.scottrade.com/publi...le.asp?docId=0582661b94d14d0c87809d404b53e149

I was told that someone has prevented my port 443 from closing when connected to the secure port and the streaming quote (java) utility will not update until it senses a secure connection.

The strange part is that when I take my laptop (either one) to work and plug into a LAN connection it works fine. At home I am using a USB cellular air card to connect to the internet which has run the streaming quotes for two years up until last week.
Some where I was told to try www.microsoft.com:443 to test the port but nothing happens using the aircard OR the LAN connection at work.
A tech support at US Cellular (my provider) said it is like someone has a foot in the door of the secure port and may have installed a keylogger.
The worst part is that Scottrade says it's US Cell and US Cell says it's Scottrade or a virus.
Are you seeing anything?
Thanks,
Dan

 

Oh yeah, I forgot, I have a friend with the exact same setup with Scottrade and the identical aircard (and provider) and he connects and streams fine.

 

Combo Fix refuses to run.
I tried all three rkills in normal and safe mode but it gets to the "this usually takes less than 10 minutes to run" part then it just freezes and I have let it sit for 15 minutes yet no action and I need to hold the power button down to reboot.
I did save an rkill log after trying it a second time just to save one:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 05/14/2011 at 23:31:07.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 05/14/2011 at 23:31:13.

This is a little disconcerting since there must be something stopping it.

 

delete

 

This one runs fine,
OTL logfile created on: 5/15/2011 9:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 48.00% Memory free
718.00 Mb Paging File | 498.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.56 Gb Free Space | 39.07% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/15 21:02:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/31 19:18:41 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/04/28 22:08:34 | 000,675,840 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2005/04/15 18:51:48 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/05 18:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/03/28 15:19:34 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/28 18:02:46 | 000,270,336 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2004/12/28 18:02:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2004/12/22 18:50:04 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/11/29 23:06:26 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2004/09/07 16:03:20 | 001,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2004/08/27 17:37:18 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 17:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2004/05/01 15:49:38 | 000,024,576 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\ZoomingHook.exe


========== Modules (SafeList) ==========

MOD - [2011/05/15 21:02:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2001/07/14 16:15:37 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/03/14 14:03:22 | 000,111,896 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\US Cellular\QuickLink Mobile\RcAppSvc.exe -- (SMSIRcAppSvc)
SRV - [2005/12/31 19:18:41 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/12/22 18:50:04 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/08/27 17:33:32 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2004/05/13 15:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/14 13:56:14 | 000,032,408 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/04/03 05:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/03/11 18:58:56 | 000,059,776 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 18:58:50 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 18:58:48 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 18:58:44 | 000,029,824 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/03/27 06:27:02 | 000,543,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/02/27 15:31:30 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/02/27 15:31:28 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/27 15:31:18 | 000,017,792 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/01/23 20:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/12/26 16:35:24 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/12/31 19:18:39 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2005/07/06 07:24:28 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/04/29 00:37:50 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 12:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/15 15:46:04 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/03/15 17:32:00 | 000,008,704 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/03/04 16:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/02/25 02:33:26 | 000,102,320 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/11/15 18:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 01:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 01:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/06/28 12:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003/10/27 18:59:00 | 000,013,842 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/09/19 17:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/06/11 10:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/05/19 12:42:34 | 000,016,772 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/10/21 18:55:27 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ptaweb.state.wi.us/PTAWeb/default.asp?msg=Please enter both an ID and password.
IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\Software\Microsoft\Internet Explorer\SearchURL\Google, = www.google.com/search?q=%s
IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.channel3000.com/index.html "
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 13:36:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/08 23:43:20 | 000,000,000 | ---D | M]

[2008/09/07 21:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/14 17:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sp8ye0z.default\extensions
[2011/04/07 21:22:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sp8ye0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2006/01/28 18:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1sp8ye0z.default\extensions\temp
[2011/05/14 17:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/03 09:12:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/12/21 23:49:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmithMicro QLM] C:\Program Files\US Cellular\QuickLink Mobile\QLM.exe (QLM)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TOSHIBA Accessibility] C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoomingHook] C:\WINDOWS\System32\ZoomingHook.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\..Trusted Domains: state.wi.us ([ptaweb] https in Trusted sites)
O15 - HKU\S-1-5-21-1935131824-3669761680-3639548161-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261455005240 (WUWebControl Class)
O16 - DPF: {819F4767-7EFB-11D2-B7D1-0000F67E39D0} https://ptaweb.state.wi.us/PTAWeb/DLLs/WrkTimes.CAB (WrkTimes.ctlWorkTimes)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93795d80-0ce3-11dd-b954-0011f573f451}\Shell - " " = AutoRun
O33 - MountPoints2\{93795d80-0ce3-11dd-b954-0011f573f451}\Shell\AutoRun - " " = Auto&Play
O33 - MountPoints2\{93795d80-0ce3-11dd-b954-0011f573f451}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -a
O33 - MountPoints2\{cc8b38b0-0d61-11e0-bfb5-0011f573f451}\Shell - " " = AutoRun
O33 - MountPoints2\{cc8b38b0-0d61-11e0-bfb5-0011f573f451}\Shell\AutoRun - " " = Auto&Play
O33 - MountPoints2\{cc8b38b0-0d61-11e0-bfb5-0011f573f451}\Shell\AutoRun\command - " " = E:\DigitalPhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/15 21:02:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/14 23:58:12 | 000,000,000 | --SD | C] -- C:\broni
[2011/05/14 21:20:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/14 21:16:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/14 21:16:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/14 21:16:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/14 21:16:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/14 21:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/14 21:15:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/14 16:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/05/13 21:07:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/13 21:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 21:07:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/13 21:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 20:03:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/12 23:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/05/12 22:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2011/05/12 22:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/05/09 08:37:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/08 23:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/08 23:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2005/07/06 07:24:25 | 000,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\ControlACS.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/15 21:02:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/15 20:52:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/15 20:51:59 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/14 21:20:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/14 19:00:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/05/14 16:41:23 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/05/13 21:07:35 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 18:39:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 18:30:32 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/05/13 18:29:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/05/13 18:29:02 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\h59xj5j9.exe
[2011/05/13 07:44:06 | 000,442,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/13 07:44:06 | 000,071,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/13 01:06:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 22:23:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/12 10:04:36 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/10 07:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 07:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 07:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 07:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 07:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 07:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 07:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 06:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 06:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 06:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/08 23:43:26 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 23:43:26 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/06 09:06:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/02 19:47:47 | 000,000,516 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2011/04/20 23:44:42 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/20 23:42:11 | 000,056,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LexusKA.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/14 23:22:31 | 468,242,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/14 21:20:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/14 21:20:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/14 21:16:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/14 21:16:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/14 21:16:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/14 21:16:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/14 21:16:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/14 19:00:52 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/05/14 16:41:12 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/05/13 21:07:35 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 20:03:53 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/05/13 20:03:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/05/13 20:03:50 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\h59xj5j9.exe
[2011/05/13 01:00:32 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/08 23:43:26 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/08 23:43:26 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/20 23:42:11 | 000,056,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LexusKA.jpg
[2007/01/25 17:05:28 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\usb.dat.bin
[2006/12/26 17:22:37 | 000,018,969 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/31 19:18:42 | 000,112,128 | RH-- | C] () -- C:\WINDOWS\CdaC14BA.DLL
[2005/12/31 19:18:42 | 000,030,720 | RH-- | C] () -- C:\WINDOWS\CdaC13BA.EXE
[2005/12/31 19:18:40 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2005/12/29 12:06:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/26 09:12:50 | 000,072,704 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/25 20:29:26 | 000,000,516 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/08/25 20:28:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2005/08/25 20:28:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE
[2005/08/25 20:28:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2005/08/25 20:28:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2005/08/16 15:32:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/08/08 13:35:14 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/08/08 13:34:49 | 000,003,445 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/07/31 19:23:00 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2005/07/06 07:30:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/06 07:30:10 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/06 07:24:25 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2005/07/06 07:24:24 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/07/06 07:24:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2005/07/06 07:24:23 | 000,087,540 | ---- | C] () -- C:\WINDOWS\atiicdxx.dat
[2005/07/06 07:24:09 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2005/07/06 07:24:09 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\MFCFirstRemove.exe
[2005/07/06 07:24:04 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005/07/06 07:24:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005/07/06 07:24:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005/07/06 07:24:04 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005/05/13 23:21:13 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/13 23:19:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/13 23:19:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/13 23:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/13 23:19:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/13 23:19:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/13 23:19:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/13 22:26:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005/05/13 22:25:25 | 000,034,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/05/13 22:25:25 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/05/13 22:24:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005/05/13 22:20:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2005/05/13 22:20:59 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/05/13 21:27:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/05/13 21:27:48 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/05/13 21:27:48 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/05/13 21:11:04 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/13 21:07:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/13 21:02:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/13 21:01:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/13 20:10:10 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/13 20:06:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/05/13 20:05:59 | 000,442,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/05/13 20:05:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/05/13 20:05:59 | 000,071,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/05/13 20:05:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/05/13 20:05:56 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/05/13 20:05:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/05/13 20:05:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/05/13 20:05:37 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/05/13 20:05:36 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/05/13 20:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/05/13 20:05:06 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/05/13 13:57:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/13 13:56:24 | 000,216,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/04/08 18:42:06 | 000,087,540 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/03/28 17:59:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/03/28 17:44:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/03/25 11:59:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/03/15 12:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/02/28 17:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/10/21 18:55:27 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/09 20:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/29 18:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/12 23:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2005/10/27 10:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft
[2008/01/24 00:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/10 22:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\US Cellular
[2005/05/13 23:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/02/10 22:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2005/05/13 22:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2005/05/13 22:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2010/02/23 23:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
[2010/12/13 22:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/18 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2005/07/31 20:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2011/05/12 23:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2007/04/16 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
[2005/05/13 22:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2009/12/10 22:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\US Cellular

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/24 00:12:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/14 21:20:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/01/29 18:33:31 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2009/11/25 15:38:27 | 000,029,702 | ---- | M] () -- C:\drwtsn32.log
[2010/03/17 13:57:11 | 000,000,171 | ---- | M] () -- C:\garmin.log
[2011/05/15 20:51:59 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2005/05/13 21:05:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/13 23:22:53 | 000,000,893 | -H-- | M] () -- C:\IPH.PH
[2010/05/06 22:59:28 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/05/13 21:05:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/05/15 20:51:57 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2010/03/17 13:57:32 | 000,000,169 | ---- | M] () -- C:\PC_Basemap.log
[2011/05/14 23:57:15 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2011/05/14 16:50:33 | 000,044,498 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_14.05.2011_16.47.47_log.txt
[2011/05/14 17:06:15 | 000,044,498 | ---- | M] () -- C:\TDSSKiller.2.5.1.0_14.05.2011_17.05.04_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/05/13 21:04:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 04:36:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBLPP5C.DLL
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/10 07:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2004/12/08 18:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
[2007/01/29 23:56:15 | 032,694,346 | ---- | M] (Goldshell Digital Media) -- C:\WINDOWS\sat_screensaver_30mb.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2005/09/27 11:20:45 | 000,001,530 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/05/13 13:56:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/05/13 13:56:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/13 13:56:00 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/05/13 21:05:15 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2005/04/29 17:33:34 | 000,004,096 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/07/31 14:40:36 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2002/05/06 13:19:45 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/05/29 20:27:46 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/05/13 18:29:02 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\h59xj5j9.exe
[2011/05/13 18:39:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/13 18:29:54 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/05/15 21:02:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/05/14 19:00:54 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >
[2005/05/13 13:58:04 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2005/07/31 14:40:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/05/15 20:56:12 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/04 07:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 03:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\sat_screensaver_30mb.scr:SummaryInformation
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66E02052

< End of report >

 

OTL Extras logfile created on: 5/15/2011 9:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 216.00 Mb Available Physical Memory | 48.00% Memory free
718.00 Mb Paging File | 498.00 Mb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.56 Gb Free Space | 39.07% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-USER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1935131824-3669761680-3639548161-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetisabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetisabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetisabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetisabledxpsp2res.dll,-22002
"443:TCP" = 443:TCP:LocalSubNetisabled:java

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*isabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*isabled:QuickTime Player -- (Apple Computer, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Camera Window DVC
"{001EB665-D9EC-415E-9E13-AD2125B2B992}" = RAW Image Task 2.1
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{489B4046-7A60-4396-8AC8-D574939F3F49}" = US Cellular QuickLink Mobile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5B2C6141-F8CF-4BD5-B6CD-AEB55DEB1543}" = iQue 3600a Operating Instructions
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}" = Canon PhotoRecord
"{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = MovieEdit Task
"{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Camera Window DS
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{89EB3ED7-225A-412E-B048-623D502C000F}" = Camera Window MC
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A7C9EE7F-AB00-47D6-98D5-01AE126C7355}" = iQue - ContactLocation
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C865B036-B1D9-417F-BA37-E0D5D391B79F}" = Garmin PC Basemap v2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4194E5A-8CF9-4E0B-AD99-AE8FCBEBD381}" = Palm Desktop for Garmin iQue 3600a
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 3.0.5
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Basketball Playbook_is1" = Basketball Playbook 008
"CdaC13Ba" = Cda Product Service - shared component
"CUZ4_is1" = CAM UnZip 4.42
"Fn-esse" = TOSHIBA Fn-esse
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}" = Canon Camera Window MC 5 for ZoomBrowser EX
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InterActual Player" = InterActual Player
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"QuickTime" = QuickTime
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

continued: