# Windows 7 Advanced DNS problem



## kremkrem (Oct 7, 2011)

Hello,
I have a serious problem with my laptop for a longer time (about 8 months) - it seems that DNS and network isn't working... but not at all. It has begun when I tried to install some proxy software. I was suspicious, when not only ZoneAlarm firewall was on the alert, but also Windows informed me that the instalator tried to put some troians/other viruses in core files of the system. This is why I aborted install process (not by using instalator, stopped by Windows "hammer stop" instead). It seems that no virus was left (at least Avast's full scan says so), but problems with network occured. Tried to fix it with instructions from other forums, but, to my surprise, it worked only for some of software. For example, the only working browser is Firefox (IE and Chrome are experiencing problems with dissolving the address, but works with typing pure IP), and many games and services work (YouTube, Minecraft, HL2 and all mods, Steam log in and update, Frozen Synapse), but some don't (Toribash, Vindictus, Steam browser, practically any MMO, any multi-over-internet flash game, any multi Unity game). I'm really getting pissed off, because I can't use my favourite Chrome on it, or try out Vindictus that was released recently. Please help, I have no idea what to do (except reinstalling/replacing Windows).
Tried changing DNS to manual, tried other ways of connecting internet (and LAN), tried DNS reset (with a funny command line I don't remember, used on Admin rights), tried AntiVirus scan (three times, detected about 10 viruses, already removed) but it only gave me this weird half-working state. Please help, I'm running out of ideas.

My computer:
HP Elitebook 2740p
licensed Windows 7 32-bit
using WiFi for network (tried other ways, no change)

some error logs:

Vindictus (and, extrapolating, any Nexon game):
URL : http://patch.nexoneu.com/Vindictus/en-EU/Output_Full/UpToDateInfo.txt
Buffer : 
InternetOpenUrl Error 12007
ł×Ć®żöĹ©·Î ĂÖ˝Ĺ ĆĐÄˇÁ¤ş¸¸¦ ŔĐľîżĂ Ľö ľř˝Ŕ´Ď´Ů. ŔÎĹÍłÝ Á˘ĽÓ żŔ·ů, ¶Ç´Â ŔĎ˝ĂŔű ĆĐÄˇ Ľ*ąö żŔ·ůŔĎ Ľö ŔÖ˝Ŕ´Ď´Ů.
<checked - 12007 Microsoft error - name not resolved>

Google Chrome (after typing "google.com"):
Błąd 137 (net::ERR_NAME_RESOLUTION_FAILED): Nieznany błąd.

Steam browser (on any website - store, community sections are included)
Unable to connect to server. Server may be offline or you may not connected to the internet.-105

I am aware that this info is far from enough, then feel free to ask about any info or logs or doing scans or whatever. I'm not gonna make it alone.

Krem


----------



## etaf (Oct 2, 2003)

sounds like you have a virus problem - have a read here 
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

check a proxy - post back a tcp/ip reset and post an ipconfig /all

but i think you have a virus issue - so read the post and post the logs

*------------------------------------------------------------------------*

* Remove any proxy settings *
Check your browser's settings, remove or uncheck any proxy settings if found
http://www.library.kent.edu/page/14299

*------------------------------------------------------------------------*

*------------------------------------------------------------------------*

*TCP/IP stack repair options for use with Vista/Windows 7*

Start, Programs\Accessories and *right click on Command Prompt, select "Run as Administrator" *to open a command prompt.

_Note: Type only the text in *bold* for the following commands._

Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog*

Reset IPv4 TCP/IP stack to installation defaults. *netsh int ipv4 reset reset.log*

Reset IPv6 TCP/IP stack to installation defaults. *netsh int ipv6 reset reset.log*

Reboot the machine.

If you receive the message 
*The requested operation requires elevation.*
Then please open the command prompt as administrator - as requested above 
Start, Programs\Accessories and *right click on Command Prompt, select "Run as Administrator" *to open a command prompt.

Post back the results here - we need to know these commands worked correctly
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

*------------------------------------------------------------------------*

*------------------------------------------------------------------------*
* ipconfig /all *
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the *Windows* key and press *R*, then type *CMD* then press *Enter* to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

_Note that there is a space before the /ALL, but there is *NOT* a space after the / in the following command._

* ipconfig /all > network.txt & network.txt *

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*
Now go back to the forum - reply and then right click in the reply box and *paste* 
*------------------------------------------------------------------------*


----------



## kremkrem (Oct 7, 2011)

While doing something else, I had a little accident with browser and lost hour worth of gathering logs from "what I should have posted". First, I'm not a total noob, I know how to use command line (something I love at linux), how I launch it in administrative rights. Because I've not read that I have to copy, I'll only say that I received something like "Winsock catalog reset successful", for IPv4 I got that settings where reset correctly, and in IPv6 that there were no common settings (I don't use it, not big surprise). Gonna reboot now and after that I'll send the logs from HijackThis etc.
By the way, sorry for not posting them, but I went to this point from google, haven't been on the main page X/.


----------



## kremkrem (Oct 7, 2011)

I can't upload files... in some ways. The way this forum does is one of them. Sorry, everything to publish (my private programs  )
Ok, I'm writing it third time, the other two crashed at sending.
Two things should be additionally mentioned:
1. netsh didn't change a thing
2. HijackThis popped a window that it can't access some system file called "C:/Windows/drivers/etc/hosts". It can be that I tried to modify it as one of advices from other forum. Oh well...

There are logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:57, on 2011-10-07
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\slawek\Downloads\HijackThis.exe
C:\windows\system32\cmd.exe
C:\windows\system32\conhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 8.8.8.8:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\slawek\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~1\ALLPLA~1\Iplex\IPLEXT~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SNUVCDSM] C:\windows\snuvcdsm.exe
O4 - HKLM\..\Run: [HP Connection Manager.exe] "C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [DAT7FDC.tmp.exe] C:\Users\slawek\AppData\Local\Temp\DAT7FDC.tmp.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\slawek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\slawek\AppData\Roaming\FlashGetBHO\GetUrl.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4121C421-93E2-48AF-AD67-F9D723C5F13D}: NameServer = 193.41.112.14 193.41.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A9A540-B186-48BF-B952-5B73D6048E3B}: NameServer = 193.41.112.14 193.41.112.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8C3EE3-93D2-4438-974E-80FE5C392990}: NameServer = 213.158.199.1 213.158.199.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{4121C421-93E2-48AF-AD67-F9D723C5F13D}: NameServer = 193.41.112.14 193.41.112.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{4121C421-93E2-48AF-AD67-F9D723C5F13D}: NameServer = 193.41.112.14 193.41.112.18
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: HP Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 12723 bytes

DDS (DDS.txt):

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by slawek at 22:03:08 on 2011-10-07
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.2991.1506 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\Program Files\WTouch\WTouchService.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\DatacardService\DCService.exe
c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
C:\windows\system32\conhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\windows\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
uInternet Settings,ProxyServer = 8.8.8.8:80
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\hewlett-packard\hp protecttools security manager\bin\DPAgent.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\slawek\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: WhIeHelperObj Class: {c900b400-cdfe-11d3-976a-00e02913a9e0} - c:\program files\webhancer\programs\whiehlpr.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\slawek\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [DAT7FDC.tmp.exe] c:\users\slawek\appdata\local\temp\DAT7FDC.tmp.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [<NO NAME>] 
mRun: [HP Connection Manager.exe] "c:\program files\hewlett-packard\hp connection manager\HP Connection Manager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\slawek\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: Download all by FlashGet3 - c:\users\slawek\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\slawek\appdata\roaming\flashgetbho\GetUrl.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{4121C421-93E2-48AF-AD67-F9D723C5F13D} : NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{45A9A540-B186-48BF-B952-5B73D6048E3B} : NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{BF8C3EE3-93D2-4438-974E-80FE5C392990} : NameServer = 213.158.199.1 213.158.199.5
TCP: Interfaces\{F491F92D-0F6E-45A5-9A24-6DD0DF4C4FB4} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = DPPassFilter scecli
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\slawek\appdata\roaming\mozilla\firefox\profiles\55dagbb8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\hewlett-packard\hp protecttools security manager\bin\firefoxext\components\dpffcli.dll
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\slawek\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\slawek\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2010-1-26 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2010-1-26 13256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-28 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-28 320856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-29 218688]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2010-1-26 40088]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\AEstSrv.exe [2010-11-14 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-28 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-28 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-11 44768]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-5-8 229376]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2009-12-16 102968]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-1-12 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-1-27 102968]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\hewlett-packard\hp skyroom\Hp.Skyroom.Windows.Service.exe [2009-11-21 124984]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-6-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2010-1-26 281192]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-1-19 330488]
R2 rgsender;Remote Graphics Sender Service;c:\program files\hewlett-packard\hp skyroom\remote graphics sender\rgsendersvc.exe [2010-11-14 379904]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 SMManager;HP Connection Manager Service;c:\program files\hewlett-packard\hp connection manager\SMManager.exe [2009-12-3 82760]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-11-14 2320920]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-11-14 98160]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-9-4 227896]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-9-4 215208]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-9-19 70656]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-7 132352]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-11-27 209920]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-2-1 6755840]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2010-1-19 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2010-1-19 206848]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2010-1-19 106368]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2010-9-4 49152]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 wacomvthid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-11-14 13480]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2010-12-13 37104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-9-4 48640]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-4 47616]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-9-4 38912]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-1-21 1639728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-14 29472]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-9-19 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-19 206336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Usługa magazynu;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-9 1343400]
.
=============== Created Last 30 ================
.
2011-10-06 18:08:26 -------- d-----w- C:\Nexon
2011-10-06 18:06:58 -------- d-----w- c:\programdata\NexonEU
2011-10-06 15:49:32 -------- d-----w- c:\users\slawek\appdata\local\Zachtronics Industries
2011-10-06 15:28:47 -------- d-----w- c:\program files\Zachtronics Industries
2011-10-05 15:00:28 0 ---ha-w- c:\users\slawek\BITE045.tmp
2011-10-01 05:01:24 -------- d-----w- C:\FrozenSynapse
2011-09-24 16:02:02 -------- d-----w- c:\users\slawek\appdata\local\Eclipse
2011-09-24 16:01:39 -------- d-----w- c:\users\slawek\workspace
2011-09-19 18:19:04 70656 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-09-19 18:19:04 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-09-19 18:19:04 51584 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-09-19 18:19:04 26880 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-09-19 18:19:04 167936 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-09-19 18:19:04 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-09-19 18:18:57 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-09-19 18:18:57 206336 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-09-19 18:18:57 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-09-19 18:18:57 105984 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-09-19 18:18:49 101504 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-09-19 18:18:07 -------- d-----w- c:\program files\Internet w Cyfrowym Polsacie
2011-09-19 18:17:27 -------- d-----w- c:\programdata\DatacardService
2011-09-12 16:59:37 -------- d-----w- c:\program files\Lame For Audacity
2011-09-08 19:34:28 -------- d-----w- c:\users\slawek\appdata\roaming\Golly
.
==================== Find3M ====================
.
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-01 14:19:51 32 ----a-w- c:\windows\system32\mnprxpd2d.bin
2011-08-31 10:25:44 0 ----a-w- c:\windows\system32\shoB0E.tmp
2011-08-24 12:54:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-24 12:54:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-24 12:54:56 809496 ----a-r- c:\windows\system32\tmp8881.tmp
2011-08-24 12:54:56 809496 ----a-r- c:\windows\system32\tmp8880.tmp
2011-07-29 07:47:50 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_ rev.QS00 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83042000]<< >>UNKNOWN [0x8BDB0000]<< >>UNKNOWN [0x8C9CA000]<< >>UNKNOWN [0x8C98F000]<< >>UNKNOWN [0x8300B000]<< >>UNKNOWN [0x837A7000]<< >>UNKNOWN [0x8BF03000]<< >>UNKNOWN [0x8BABA000]<< 
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8307E448] -> \Device\Harddisk0\DR0[0x879E2368]
\Driver\Disk[0x879E0C98] -> IRP_MJ_CREATE -> 0x8BDB439F
3 [0x8BDB459E] -> ntkrnlpa!IofCallDriver[0x8307E448] -> [0x879E3080]
\Driver\hpdskflt[0x8799D7D8] -> IRP_MJ_CREATE -> 0x8C990FB0
5 [0x8C991090] -> ntkrnlpa!IofCallDriver[0x8307E448] -> [0x86F1C958]
\Driver\ACPI[0x86DCFE38] -> IRP_MJ_CREATE -> 0x837B04AA
7 [0x837B03B2] -> ntkrnlpa!IofCallDriver[0x8307E448] -> \Device\Ide\IAAStorageDevice-0[0x86EA9028]
\Driver\iaStor[0x86F18AE0] -> IRP_MJ_CREATE -> 0x8BF4D770
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:04:26,64 ===============

DDS (Attach.txt):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-12-08 13:22:04
System Uptime: 2011-10-07 21:58:52 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 7007
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2508/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 216 GiB total, 103,443 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 2 GiB total, 1,378 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Management Engine Interface
Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_7007103C&REV_06\3&21436425&0&B0
Manufacturer: Intel
Name: Intel(R) Management Engine Interface
PNP Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_7007103C&REV_06\3&21436425&0&B0
Service: HECI
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Intel(R) Active Management Technology - SOL
Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_7007103C&REV_06\3&21436425&0&B3
Manufacturer: Intel
Name: Intel(R) Active Management Technology - SOL (COM4)
PNP Device ID: PCI\VEN_8086&DEV_3B67&SUBSYS_7007103C&REV_06\3&21436425&0&B3
Service: Serial
.
==== System Restore Points ===================
.
RP185: 2011-09-24 11:24:53 - Zaplanowany punkt kontrolny
RP186: 2011-10-01 19:59:31 - Zaplanowany punkt kontrolny
RP187: 2011-10-06 21:44:53 - Przed_operacja
.
==== Installed Programs ======================
.
Able MIDI Editor 1.32 (remove only)
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2 - Polish
AGEIA PhysX v7.09.13
ALLPlayer V4.X
Altitude 
Atom Zombie Smasher
Audacity 1.3.12 (Unicode)
avast! Free Antivirus
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer
Broadcom 2070 Bluetooth 2.1 + EDR
Cogs
DAEMON Tools Lite
DAEMON Tools Toolbar
Dev-C++ 5 beta 9 release (4.9.9.2)
Drive Encryption for HP ProtectTools
Dungeon Crawl Stone Soup
Energy Star Digital Logo
Fiddler2
FlashGet 3.7
Foldit
FreeMind
Frozen Synapse
GIMP 2.6.11
Google Chrome
Guilty Gear Isuka
Half-Life 2: Deathmatch
Hex Online
HP 3D DriveGuard
HP Business Card Reader
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP Power Assistant
HP Power Data
HP ProtectTools Security Manager
HP Quick Launch Buttons
HP QuickLook
HP QuickWeb
HP Setup
HP SkyRoom
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel® Matrix Storage Manager
Internet w Cyfrowym Polsacie
IZArc 4.1.2
Jack Claw
Japoński Multimedialny Kurs podstawowy
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 22
LAME v3.98.3 for Audacity
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PLK Language Pack
Microsoft Office 2010
Microsoft Office Starter 2010 - Polski
Microsoft Silverlight
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Moduł Szybka instalacja pakietu Microsoft Office 2010
Mozilla Firefox 6.0.2 (x86 pl)
Mozilla Thunderbird (3.1.10)
Nexon Game Manager
OJOsoft Total Video Converter
OpenAL
OpenOffice.org 3.1
osu!
Pirates, Vikings, & Knights II
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
Pre-Boot Security for HP ProtectTools
Process Hacker 1.11
QLBCASL
Qualcomm Gobi 2000 Package for HP
Quick Memory Editor 5.5
Remote Graphics Receiver
Remote Graphics Sender
RICOH Media Driver
Sid Meier's Pirates!
Source Multiplayer Dedicated Server
Source SDK
SpaceChem
SpeedFan (remove only)
Steam
Sterownik dotykowy?(touch)
Synaptics Pointing Device Driver
Theft Recovery
Unity Web Player
Validity Fingerprint Driver
Vindictus EU
Windows 7 Default Setting
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live ID Sign-in Assistant
WinFF 1.3.2
WinPcap 4.1.2
Wise PC Engineer 6.3.8
Xvid Video Codec
YouTube Downloader 2.7
ZoneAlarm
.
==== End Of File ===========================

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-07 20:20:40
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.QS00
Running: c14ibz9g.exe; Driver: C:\Users\slawek\AppData\Local\Temp\ufdcrpob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91127374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9510A2B8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x920F6BBA]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0x920F748A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x920F6610]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91129996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x911299EE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x920EFE42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91129B04]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x92111760]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x911298EC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x920F711A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x9210B5AE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x9210B9D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x92115EE0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91129940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91129AB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x9210BE4A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x920F7278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91127398]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x920F0B7E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x92113212]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x92112B06]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x9210A38E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9510A368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91127162]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x92113BE0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x92113E1E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x921142D0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x911273BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91129EFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91127E54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x911299C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91129A16]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x920F0730]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91129B2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91129918]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x9210DAD4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91129A7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9112996E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0x9210D6C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91129ADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9510A400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91127D1A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x92114CB8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x9211459A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x920F61A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x9211571E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x920F68DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x911273E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91127404]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x920F0F8A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x92115242]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x911271BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x911272F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x92112226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x911272D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x9210C6D4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x9210C404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91127428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83045589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8306A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 83071824 4 Bytes [74, 73, 12, 91]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8307184C 4 Bytes [B8, A2, 10, 95]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 83071858 8 Bytes [BA, 6B, 0F, 92, 8A, 74, 0F, ...] {MOV EDX, 0x8a920f6b; JZ 0x16; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 830718EC 4 Bytes [10, 66, 0F, 92] {ADC [ESI+0xf], AH; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 83071900 16 Bytes [96, 99, 12, 91, EE, 99, 12, ...]
.text ... 
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8320B2CB 5 Bytes JMP 9511B3DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83225003 5 Bytes JMP 9511CE9C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8326F5CA 4 Bytes CALL 911284C5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832776A5 4 Bytes CALL 911284DB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text sptd.sys 8BA35000 8 Bytes [8E, 7A, 41, 83, A0, 57, 41, ...]
.text sptd.sys 8BA35009 23 Bytes [57, 41, 83, A6, F1, 41, 83, ...]
.text sptd.sys 8BA35024 4 Bytes [32, 15, B6, 8B]
.text sptd.sys 8BA3502C 42 Bytes [F5, 72, 1A, 83, D8, FE, 03, ...]
.text sptd.sys 8BA35057 3 Bytes [83, 23, F4] {AND DWORD [EBX], -0xc}
.text ... 
.sptd2 C:\windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8BB0F0AD]
? C:\windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
? C:\windows\System32\Drivers\SafeBoot.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload 95E3CCA0 5 Bytes JMP 880AD1C8 
.text win32k.sys!EngMultiByteToUnicodeN + 7246  8277988F 5 Bytes JMP 9112A4BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwned + 8A1B 827908BF 5 Bytes JMP 9112A5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + BFF3 827B1592 5 Bytes JMP 9112AFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 3322 827C4DAF 5 Bytes JMP 9112A0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4027 827C5AB4 5 Bytes JMP 9112AD7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 177B 827CB3E5 5 Bytes JMP 9112A4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 79A5 827E7900 5 Bytes JMP 9112A14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 868C 827E85E7 5 Bytes JMP 91129FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bEnum + 927C 827E91D7 5 Bytes JMP 9112A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + A803 828041DC 5 Bytes JMP 9112AD0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateSemaphore + CBB8 82806591 5 Bytes JMP 91129F32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 56E 8280FBCD 5 Bytes JMP 9112AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 5201 82814860 5 Bytes JMP 9112B1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 6119 82827A8A 5 Bytes JMP 9112A016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1AE86 8283C7F7 5 Bytes JMP 9112AD96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_bEnum + 9780 8284FCEC 5 Bytes JMP 9112A28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26C1 82857DCA 5 Bytes JMP 9112B070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 8286B71C 3 Bytes JMP 9112A254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bPolyBezierTo + FC 8286B720 1 Byte [0E]
.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 8287B760 5 Bytes JMP 9112B118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + EB5 828A60AF 5 Bytes JMP 9112A1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 1C7A 828AA0CC 5 Bytes JMP 9112A1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetPointerShape + C86 828ACD49 5 Bytes JMP 9112AEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_cEnumStart + 6D0A 828B5A05 5 Bytes JMP 9112A096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\slawek\AppData\Local\Temp\mbr.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00210A08 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002103FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00210804 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002101F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[308] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00210600 
.text C:\windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\wininit.exe[604] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC 
.text C:\windows\system32\wininit.exe[604] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8 
.text C:\windows\system32\wininit.exe[604] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\wininit.exe[604] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000C0A08 
.text C:\windows\system32\wininit.exe[604] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000C03FC 
.text C:\windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000C0804 
.text C:\windows\system32\wininit.exe[604] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000C01F8 
.text C:\windows\system32\wininit.exe[604] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000C0600 
.text C:\windows\system32\csrss.exe[616] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\services.exe[664] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\services.exe[664] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\services.exe[664] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\lsass.exe[696] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\lsass.exe[696] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\lsass.exe[696] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[700] kernel32.dll!SetUnhandledExceptionFilter 75B53162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[700] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\lsm.exe[704] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\lsm.exe[704] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\lsm.exe[704] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] USER32.dll!UnhookWindowsHookEx  7722CC7B 5 Bytes JMP 00170A08 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001703FC 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00170804 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001701F8 
.text C:\Program Files\Mozilla Firefox\firefox.exe[780] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00170600 
.text C:\windows\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[800] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[800] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC 
.text C:\windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8 
.text C:\windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00050A08 
.text C:\windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000503FC 
.text C:\windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00050804 
.text C:\windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000501F8 
.text C:\windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00050600 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001503FC 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001501F8 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Users\slawek\Downloads\HijackThis.exe[868] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00170A08 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001703FC 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00170804 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001701F8 
.text C:\Users\slawek\Downloads\HijackThis.exe[868] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00170600 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[912] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\System32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\System32\svchost.exe[1044] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\windows\System32\svchost.exe[1044] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\windows\System32\svchost.exe[1044] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\System32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\System32\svchost.exe[1092] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\System32\svchost.exe[1092] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\svchost.exe[1092] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 008F0A08 
.text C:\windows\System32\svchost.exe[1092] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 008F03FC 
.text C:\windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 008F0804 
.text C:\windows\System32\svchost.exe[1092] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 008F01F8 
.text C:\windows\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 008F0600 
.text C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00AA0A08 
.text C:\windows\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 00AA03FC 
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00AA0804 
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 00AA01F8 
.text C:\windows\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00AA0600 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00190A08 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001903FC 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00190804 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001901F8 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe[1152] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00190600 
.text C:\windows\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00A00A08 
.text C:\windows\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 00A003FC 
.text C:\windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00A00804 
.text C:\windows\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 00A001F8 
.text C:\windows\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00A00600 
.text C:\windows\system32\Hpservice.exe[1540] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\Hpservice.exe[1540] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\Hpservice.exe[1540] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\Hpservice.exe[1540] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\windows\system32\Hpservice.exe[1540] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\windows\system32\Hpservice.exe[1540] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\windows\system32\Hpservice.exe[1540] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\windows\system32\Hpservice.exe[1540] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\Program Files\WTouch\WTouchService.exe[1600] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\WTouch\WTouchService.exe[1600] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\WTouch\WTouchService.exe[1600] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\WTouch\WTouchService.exe[1600] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\WTouch\WTouchService.exe[1600] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\WTouch\WTouchService.exe[1600] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\WTouch\WTouchService.exe[1600] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\WTouch\WTouchService.exe[1600] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00090A08 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000903FC 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00090804 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000901F8 
.text C:\windows\SYSTEM32\WISPTIS.EXE[1608] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00090600 
.text C:\windows\system32\svchost.exe[1748] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[1748] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[1748] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1748] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00EF0A08 
.text C:\windows\system32\svchost.exe[1748] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 00EF03FC 
.text C:\windows\system32\svchost.exe[1748] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00EF0804 
.text C:\windows\system32\svchost.exe[1748] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 00EF01F8 
.text C:\windows\system32\svchost.exe[1748] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00EF0600 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00130A08 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001303FC 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00130804 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001301F8 
.text C:\Windows\System32\ZoneLabs\vsmon.exe[1872] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00130600 
.text C:\windows\system32\svchost.exe[1996] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[1996] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[1996] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[1996] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00240A08 
.text C:\windows\system32\svchost.exe[1996] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002403FC 
.text C:\windows\system32\svchost.exe[1996] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00240804 
.text C:\windows\system32\svchost.exe[1996] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002401F8 
.text C:\windows\system32\svchost.exe[1996] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00240600 
.text C:\windows\System32\spoolsv.exe[2128] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\System32\spoolsv.exe[2128] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\System32\spoolsv.exe[2128] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[2128] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\windows\System32\spoolsv.exe[2128] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\windows\System32\spoolsv.exe[2128] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\windows\System32\spoolsv.exe[2128] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\windows\System32\spoolsv.exe[2128] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\windows\system32\svchost.exe[2160] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[2160] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[2160] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[2160] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00980A08 
.text C:\windows\system32\svchost.exe[2160] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 009803FC 
.text C:\windows\system32\svchost.exe[2160] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00980804 
.text C:\windows\system32\svchost.exe[2160] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 009801F8 
.text C:\windows\system32\svchost.exe[2160] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00980600 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00180A08 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001803FC 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00180804 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001801F8 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[2192] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00180600 
.text C:\windows\system32\cmd.exe[2216] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\cmd.exe[2216] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\cmd.exe[2216] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\cmd.exe[2216] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\windows\system32\cmd.exe[2216] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\windows\system32\cmd.exe[2216] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\windows\system32\cmd.exe[2216] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\windows\system32\cmd.exe[2216] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2268] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe[2356] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe[2356] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe[2356] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[2368] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000A03FC 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000A01F8 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] USER32.dll!UnhookWindowsHookEx  7722CC7B 5 Bytes JMP 00140A08 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001403FC 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00140804 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001401F8 
.text C:\Program Files\LSI SoftModem\agrsmsvc.exe[2384] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00140600 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2416] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\ProgramData\DatacardService\DCService.exe[2464] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\ProgramData\DatacardService\DCService.exe[2464] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\ProgramData\DatacardService\DCService.exe[2464] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\ProgramData\DatacardService\DCService.exe[2464] USER32.dll!UnhookWindowsHookEx  7722CC7B 5 Bytes JMP 002F0A08 
.text C:\ProgramData\DatacardService\DCService.exe[2464] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002F03FC 
.text C:\ProgramData\DatacardService\DCService.exe[2464] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 002F0804 
.text C:\ProgramData\DatacardService\DCService.exe[2464] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002F01F8 
.text C:\ProgramData\DatacardService\DCService.exe[2464] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 002F0600 
.text c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2500] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe[2592] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe[2592] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe[2592] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00180A08 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001803FC 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00180804 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001801F8 
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2652] USER32.dll!SetWindowsHookExA  77256DFA 5 Bytes JMP 00180600 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00080A08 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000803FC 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00080804 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000801F8 
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2684] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00080600 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00210A08 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002103FC 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00210804 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002101F8 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2716] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00210600 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe[2748] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00140A08 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001403FC 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00140804 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001401F8 
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[3072] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00140600 
.text C:\windows\system32\svchost.exe[3100] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000A03FC 
.text C:\windows\system32\svchost.exe[3100] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000A01F8 
.text C:\windows\system32\svchost.exe[3100] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00130A08 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001303FC 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00130804 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001301F8 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3152] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00130600 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[3236] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe[3296] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001A0A08 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001A03FC 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001A0804 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001A01F8 
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3320] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001A0600 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00290A08 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002903FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00290804 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002901F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe[3332] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00290600 
.text C:\windows\system32\svchost.exe[3568] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\svchost.exe[3568] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\svchost.exe[3568] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\svchost.exe[3568] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001C0A08 
.text C:\windows\system32\svchost.exe[3568] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001C03FC 
.text C:\windows\system32\svchost.exe[3568] USER32.dll!SetWindowsHookExW  7723210A 5 Bytes JMP 001C0804 
.text C:\windows\system32\svchost.exe[3568] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001C01F8 
.text C:\windows\system32\svchost.exe[3568] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001C0600 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3580] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00290A08 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002903FC 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00290804 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002901F8 
.text C:\windows\system32\wbem\wmiprvse.exe[3580] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00290600 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3600] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000E0A08 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000E03FC 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] USER32.dll!SetWindowsHookExW  7723210A 5 Bytes JMP 000E0804 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000E01F8 
.text C:\windows\system32\wbem\wmiprvse.exe[3600] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000E0600 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\SMManager.exe[3644] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00130A08 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001303FC 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] USER32.dll!SetWindowsHookExW  7723210A 5 Bytes JMP 00130804 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001301F8 
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3772] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00130600 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00150A08 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001503FC 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00150804 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001501F8 
.text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3844] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00150600 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00110A08 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001103FC 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00110804 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001101F8 
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3860] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00110600 
.text C:\windows\system32\SearchIndexer.exe[4016] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\system32\SearchIndexer.exe[4016] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\system32\SearchIndexer.exe[4016] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[4016] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00190A08 
.text C:\windows\system32\SearchIndexer.exe[4016] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001903FC 
.text C:\windows\system32\SearchIndexer.exe[4016] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00190804 
.text C:\windows\system32\SearchIndexer.exe[4016] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001901F8 
.text C:\windows\system32\SearchIndexer.exe[4016] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00190600 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00300A08 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 003003FC 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00300804 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 003001F8 
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4048] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00300600 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00110A08 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001103FC 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00110804 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001101F8 
.text C:\Program Files\Windows Sidebar\sidebar.exe[4100] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00110600 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001703FC 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001701F8 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00210A08 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002103FC 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00210804 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002101F8 
.text C:\Users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe[4260] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00210600 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001703FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001701F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4268] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00470A08 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 004703FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00470804 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 004701F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe[4716] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00470600 
.text C:\windows\system32\conhost.exe[4724] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 000303FC 
.text C:\windows\system32\conhost.exe[4724] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8 
.text C:\windows\system32\conhost.exe[4724] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\conhost.exe[4724] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000C0A08 
.text C:\windows\system32\conhost.exe[4724] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000C03FC 
.text C:\windows\system32\conhost.exe[4724] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000C0804 
.text C:\windows\system32\conhost.exe[4724] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000C01F8 
.text C:\windows\system32\conhost.exe[4724] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000C0600 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00370A08 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 003703FC 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00370804 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 003701F8 
.text c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe[4792] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00370600 
.text C:\windows\system32\conhost.exe[4800] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC 
.text C:\windows\system32\conhost.exe[4800] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8 
.text C:\windows\system32\conhost.exe[4800] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\conhost.exe[4800] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000C0A08 
.text C:\windows\system32\conhost.exe[4800] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000C03FC 
.text C:\windows\system32\conhost.exe[4800] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000C0804 
.text C:\windows\system32\conhost.exe[4800] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000C01F8 
.text C:\windows\system32\conhost.exe[4800] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000C0600 
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4888] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4928] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\system32\taskhost.exe[5000] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000503FC 
.text C:\windows\system32\taskhost.exe[5000] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000501F8 
.text C:\windows\system32\taskhost.exe[5000] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\taskhost.exe[5000] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000E0A08 
.text C:\windows\system32\taskhost.exe[5000] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000E03FC 
.text C:\windows\system32\taskhost.exe[5000] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000E0804 
.text C:\windows\system32\taskhost.exe[5000] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000E01F8 
.text C:\windows\system32\taskhost.exe[5000] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000E0600 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\windows\SYSTEM32\WISPTIS.EXE[5152] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00130A08 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001303FC 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00130804 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001301F8 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[5160] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00130600 
.text C:\windows\system32\Dwm.exe[5172] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000A03FC 
.text C:\windows\system32\Dwm.exe[5172] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000A01F8 
.text C:\windows\system32\Dwm.exe[5172] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\Dwm.exe[5172] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000C0A08 
.text C:\windows\system32\Dwm.exe[5172] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000C03FC 
.text C:\windows\system32\Dwm.exe[5172] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000C0804 
.text C:\windows\system32\Dwm.exe[5172] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000C01F8 
.text C:\windows\system32\Dwm.exe[5172] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000C0600 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[5180] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\Explorer.EXE[5284] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\Explorer.EXE[5284] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\Explorer.EXE[5284] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\Explorer.EXE[5284] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00250A08 
.text C:\windows\Explorer.EXE[5284] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002503FC 
.text C:\windows\Explorer.EXE[5284] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00250804 
.text C:\windows\Explorer.EXE[5284] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002501F8 
.text C:\windows\Explorer.EXE[5284] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00250600 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\WTouch\WTouchUser.exe[5304] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\WTouch\WTouchUser.exe[5304] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[5496] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[5604] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5612] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe[5624] KERNEL32.dll!GetBinaryTypeW + 70  75B67984 1 Byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\ProgramData\DatacardService\DCSHelper.exe[5644] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5652] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Windows\System32\igfxtray.exe[5716] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Windows\System32\igfxtray.exe[5716] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Windows\System32\igfxtray.exe[5716] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[5716] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Windows\System32\igfxtray.exe[5716] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Windows\System32\igfxtray.exe[5716] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Windows\System32\igfxtray.exe[5716] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Windows\System32\igfxtray.exe[5716] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Windows\System32\hkcmd.exe[5748] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Windows\System32\hkcmd.exe[5748] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Windows\System32\hkcmd.exe[5748] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[5748] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Windows\System32\hkcmd.exe[5748] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Windows\System32\hkcmd.exe[5748] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Windows\System32\hkcmd.exe[5748] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Windows\System32\hkcmd.exe[5748] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00180A08 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001803FC 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00180804 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001801F8 
.text C:\Program Files\Common Files\Steam\SteamService.exe[5776] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00180600 
.text C:\Windows\System32\igfxpers.exe[5784] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Windows\System32\igfxpers.exe[5784] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Windows\System32\igfxpers.exe[5784] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[5784] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00200A08 
.text C:\Windows\System32\igfxpers.exe[5784] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002003FC 
.text C:\Windows\System32\igfxpers.exe[5784] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00200804 
.text C:\Windows\System32\igfxpers.exe[5784] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002001F8 
.text C:\Windows\System32\igfxpers.exe[5784] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00200600 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 002F0A08 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002F03FC 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 002F0804 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002F01F8 
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[5872] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 002F0600 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00580A08 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 005803FC 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00580804 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 005801F8 
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[5908] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00580600 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[5968] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\IDT\WDM\sttray.exe[5968] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\system32\igfxsrvc.exe[5976] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001603FC 
.text C:\windows\system32\igfxsrvc.exe[5976] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\windows\system32\igfxsrvc.exe[5976] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\igfxsrvc.exe[5976] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\windows\system32\igfxsrvc.exe[5976] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\windows\system32\igfxsrvc.exe[5976] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\windows\system32\igfxsrvc.exe[5976] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\windows\system32\igfxsrvc.exe[5976] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\windows\system32\conhost.exe[6000] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000303FC 
.text C:\windows\system32\conhost.exe[6000] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000301F8 
.text C:\windows\system32\conhost.exe[6000] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\system32\conhost.exe[6000] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 000C0A08 
.text C:\windows\system32\conhost.exe[6000] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000C03FC 
.text C:\windows\system32\conhost.exe[6000] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 000C0804 
.text C:\windows\system32\conhost.exe[6000] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000C01F8 
.text C:\windows\system32\conhost.exe[6000] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 000C0600 
.text C:\Windows\snuvcdsm.exe[6088] ntdll.dll!LdrUnloadDll  7734BEAF 5 Bytes JMP 001603FC 
.text C:\Windows\snuvcdsm.exe[6088] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Windows\snuvcdsm.exe[6088] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Windows\snuvcdsm.exe[6088] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00180A08 
.text C:\Windows\snuvcdsm.exe[6088] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001803FC 
.text C:\Windows\snuvcdsm.exe[6088] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00180804 
.text C:\Windows\snuvcdsm.exe[6088] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001801F8 
.text C:\Windows\snuvcdsm.exe[6088] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00180600 
.text C:\Program Files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe[6104] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!SetWindowLongA 7722B1E3 5 Bytes JMP 5A37A800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00190A08 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001903FC 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00190804 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!SetWinEventHook  7723507E 5 Bytes JMP 001901F8 
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!SetWindowLongW 77236614 5 Bytes JMP 5A37A792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!GetWindowInfo 77236A82 5 Bytes JMP 5A18229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!TrackPopupMenu 77254B3B 5 Bytes JMP 5A182861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6272] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00190600 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 003F0A08 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 003F03FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 003F0804 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 003F01F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[6276] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 003F0600 
.text C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[6396] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[6400] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe[6440] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00300A08 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 003003FC 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00300804 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 003001F8 
.text C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe[6456] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00300600 
.text C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6484] KERNEL32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00100A08 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001003FC 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00100804 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001001F8 
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[6792] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00100600 
.text C:\windows\System32\svchost.exe[6980] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\windows\System32\svchost.exe[6980] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\windows\System32\svchost.exe[6980] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\windows\System32\svchost.exe[6980] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00150A08 
.text C:\windows\System32\svchost.exe[6980] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001503FC 
.text C:\windows\System32\svchost.exe[6980] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00150804 
.text C:\windows\System32\svchost.exe[6980] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001501F8 
.text C:\windows\System32\svchost.exe[6980] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00150600 
.text C:\Program Files\Steam\Steam.exe[7300] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Steam\Steam.exe[7300] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Steam\Steam.exe[7300] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Steam\Steam.exe[7300] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 001F0A08 
.text C:\Program Files\Steam\Steam.exe[7300] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 001F03FC 
.text C:\Program Files\Steam\Steam.exe[7300] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 001F0804 
.text C:\Program Files\Steam\Steam.exe[7300] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Steam\Steam.exe[7300] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 001F0600 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 002F0A08 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002F03FC 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 002F0804 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002F01F8 
.text C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe[7340] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 002F0600 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 000603FC 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 000601F8 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00080A08 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 000803FC 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00080804 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 000801F8 
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[7488] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00080600 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00210A08 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 002103FC 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00210804 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 002101F8 
.text C:\Users\slawek\Downloads\c14ibz9g.exe[7524] USER32.dll!SetWindowsHookExA 77256DFA 5 Bytes JMP 00210600 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] ntdll.dll!LdrUnloadDll 7734BEAF 5 Bytes JMP 001603FC 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] ntdll.dll!LdrLoadDll 7734F5B5 5 Bytes JMP 001601F8 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] USER32.dll!UnhookWindowsHookEx 7722CC7B 5 Bytes JMP 00340A08 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] USER32.dll!UnhookWinEvent 7722D924 5 Bytes JMP 003403FC 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] USER32.dll!SetWindowsHookExW 7723210A 5 Bytes JMP 00340804 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] USER32.dll!SetWinEventHook 7723507E 5 Bytes JMP 003401F8 
.text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7624] USER32.dll!SetWindowsHookExA  77256DFA 5 Bytes JMP 00340600 
.text C:\windows\system32\AUDIODG.EXE[7900] kernel32.dll!GetBinaryTypeW + 70 75B67984 1 Byte [62]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BA3671C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BA36F0E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8BA3722E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BA370EC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BA36910] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [920FC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [920FB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [920FA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [920FBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [920FBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [920FC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [920FB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [920FA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [920FBAB8] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [920FA06C] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [920FC100] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [920FB90E] \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DD2494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DB5624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DB56E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DD250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DC8573] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DC4D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DC50CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DC51A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DC66D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DC82CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DC8819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DC907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DCE21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[5284] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DC4C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86DED1E8
Device \FileSystem\fastfat \FatCdrom 881851E8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-0 880C71E8
Device \Driver\usbehci \Device\USBPDO-1 880C71E8
Device \Driver\PCI_PNP1445 \Device\000000a0 sptd.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{BF8C3EE3-93D2-4438-974E-80FE5C392990} 87CCF1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F491F92D-0F6E-45A5-9A24-6DD0DF4C4FB4} 87CCF1E8
Device \Driver\cdrom \Device\CdRom0 89B8D1E8
Device \Driver\iaStor \Device\Ide\iaStor0 [8BF61770] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 86DD31E8
Device \Driver\atapi \Device\Ide\IdePort1 86DD31E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BF61770] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 89B8D1E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 87CCF1E8
Device \Driver\ACPI_HAL \Device\00000084 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbehci \Device\USBFDO-0 880C71E8
Device \Driver\usbehci \Device\USBFDO-1 880C71E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2224DE7-1B1D-44E6-B695-CA213496BD45} 87CCF1E8
Device \Driver\a3ug2g7z \Device\Scsi\a3ug2g7z1Port3Path0Target1Lun0 881E01E8
Device \Driver\a3ug2g7z \Device\Scsi\a3ug2g7z1 881E01E8
Device \FileSystem\fastfat \Fat 881851E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd509261 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3959ed22c 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xD0 0xA6 0xDA 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xB6 0xD6 0xC8 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x2B 0x06 0x43 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xBA 0xE5 0xA7 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd509261 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3959ed22c (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x81 0xCE 0x69 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xB6 0xD6 0xC8 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x2B 0x06 0x43 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xBA 0xE5 0xA7 0x37 ...

---- EOF - GMER 1.0.15 ----


----------



## etaf (Oct 2, 2003)

i will move to the virus forum

did you try the reset if so post results and post ipconfig /all results 

thanks 

it may take 48 hours for a virus guru to reply if you have no reply in that time = post a reply with the word "bump" here yourself to bring the thread back to the top of the forum


----------



## kremkrem (Oct 7, 2011)

Resetting, copy from command line (I know, second was mistyped):

C:\windows\system32>netsh winsock reset catalog

Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.

C:\windows\system32>netsh ipv4 reset reset.log
Nie znaleziono następującego polecenia: ipv4 reset reset.log.

C:\windows\system32>netsh int ipv4 reset reset.log
Resetowanie Interfejs - OK!
Do ukończenia tej akcji wymagane jest ponowne uruchomienie komputera.

C:\windows\system32>netsh int ipv6 reset reset.log
Brak ustawień określonych przez użytkownika do zresetowania.

C:\windows\system32>

Gonna reboot and post ipconfig /all


> *Edited by moderator - ETAF to show in english - that all worked ok >*
> Resetting, copy from the command line (I know, you mistyped second):
> 
> C: \ WINDOWS \ system32> netsh winsock reset catalog
> ...


----------



## kevinf80 (Mar 21, 2006)

Hiya kremkrem,

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on *TDSSKiller.exe* to run the application, then on *Start Scan.*










If an infected file is detected, the default action will be *Cure*, click on *Continue.*










If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*










It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.










If no reboot is require, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Next,








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alernative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the two produced logs....

Kevin


----------



## kremkrem (Oct 7, 2011)

TDSS Killer tells me that nothing needs deleting, but there are two suspicious (but not malicious) things: sptd and SafeBoot. No log produced.

However, mbam found 6 intruders. Here goes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Wersja bazy: 7900

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011-10-08 15:58:02
mbam-log-2011-10-08 (15-58-02).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 171260
Upłynęło: 7 minut, 55 sekund

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 6
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C900B400-CDFE-11D3-976A-00E02913A9E0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0} (Adware.WebHancer) -> Quarantined and deleted successfully.

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)

Sorry, but I had no linguistic options .
That's all for now, gonna reboot and retry.

=======================================
Not a change. Any more ideas?


----------



## kevinf80 (Mar 21, 2006)

Ok nadal w następujący sposób

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the







icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*******Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
 If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log from Combofix in next reply please...

Also check here C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b]". for TDSSKiller log

Kevin

Kevin


----------



## kremkrem (Oct 7, 2011)

Got the combofix, gonna execute it in minutes.
Meanwhile, I've found a log from TDSS:

16:00:24.0241 3724 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
16:00:24.0389 3724 ============================================================
16:00:24.0389 3724 Current date / time: 2011/10/08 16:00:24.0389
16:00:24.0389 3724 SystemInfo:
16:00:24.0389 3724 
16:00:24.0389 3724 OS Version: 6.1.7600 ServicePack: 0.0
16:00:24.0389 3724 Product type: Workstation
16:00:24.0389 3724 ComputerName: SLAWEK-HP
16:00:24.0390 3724 UserName: slawek
16:00:24.0390 3724 Windows directory: C:\windows
16:00:24.0390 3724 System windows directory: C:\windows
16:00:24.0390 3724 Processor architecture: Intel x86
16:00:24.0390 3724 Number of processors: 4
16:00:24.0390 3724 Page size: 0x1000
16:00:24.0390 3724 Boot type: Normal boot
16:00:24.0390 3724 ============================================================
16:00:24.0918 3724 Initialize success
16:00:29.0794 6640 ============================================================
16:00:29.0794 6640 Scan started
16:00:29.0794 6640 Mode: Manual; 
16:00:29.0794 6640 ============================================================
16:00:30.0573 6640 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
16:00:30.0575 6640 1394ohci - ok
16:00:30.0634 6640 Accelerometer  (4df5e6215a102a192b2b6dbb61f2fba5) C:\windows\system32\DRIVERS\Accelerometer.sys
16:00:30.0635 6640 Accelerometer - ok
16:00:30.0673 6640 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
16:00:30.0675 6640 ACPI - ok
16:00:30.0706 6640 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
16:00:30.0707 6640 AcpiPmi - ok
16:00:30.0747 6640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:00:30.0749 6640 adp94xx - ok
16:00:30.0780 6640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:00:30.0782 6640 adpahci - ok
16:00:30.0810 6640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:00:30.0811 6640 adpu320 - ok
16:00:30.0877 6640 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
16:00:30.0879 6640 AFD - ok
16:00:30.0965 6640 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
16:00:30.0971 6640 AgereSoftModem - ok
16:00:31.0089 6640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
16:00:31.0090 6640 agp440 - ok
16:00:31.0123 6640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:00:31.0124 6640 aic78xx - ok
16:00:31.0178 6640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
16:00:31.0179 6640 aliide - ok
16:00:31.0210 6640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
16:00:31.0211 6640 amdagp - ok
16:00:31.0240 6640 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
16:00:31.0241 6640 amdide - ok
16:00:31.0283 6640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:00:31.0284 6640 AmdK8 - ok
16:00:31.0293 6640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:00:31.0294 6640 AmdPPM - ok
16:00:31.0325 6640 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
16:00:31.0326 6640 amdsata - ok
16:00:31.0349 6640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:00:31.0350 6640 amdsbs - ok
16:00:31.0389 6640 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
16:00:31.0390 6640 amdxata - ok
16:00:31.0432 6640 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
16:00:31.0433 6640 AppID - ok
16:00:31.0488 6640 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:00:31.0490 6640 arc - ok
16:00:31.0507 6640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:00:31.0508 6640 arcsas - ok
16:00:31.0651 6640 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\windows\system32\drivers\aswFsBlk.sys
16:00:31.0652 6640 aswFsBlk - ok
16:00:31.0695 6640 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\windows\system32\drivers\aswMonFlt.sys
16:00:31.0695 6640 aswMonFlt - ok
16:00:31.0721 6640 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\windows\system32\drivers\aswRdr.sys
16:00:31.0722 6640 aswRdr - ok
16:00:31.0774 6640 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\windows\system32\drivers\aswSnx.sys
16:00:31.0776 6640 aswSnx - ok
16:00:31.0804 6640 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\windows\system32\drivers\aswSP.sys
16:00:31.0807 6640 aswSP - ok
16:00:31.0836 6640 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\windows\system32\drivers\aswTdi.sys
16:00:31.0837 6640 aswTdi - ok
16:00:31.0861 6640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:00:31.0862 6640 AsyncMac - ok
16:00:31.0905 6640 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
16:00:31.0905 6640 atapi - ok
16:00:31.0948 6640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:00:31.0951 6640 b06bdrv - ok
16:00:31.0998 6640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:00:32.0000 6640 b57nd60x - ok
16:00:32.0032 6640 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:00:32.0033 6640 Beep - ok
16:00:32.0135 6640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:00:32.0136 6640 blbdrive - ok
16:00:32.0168 6640 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
16:00:32.0170 6640 bowser - ok
16:00:32.0210 6640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:00:32.0211 6640 BrFiltLo - ok
16:00:32.0233 6640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:00:32.0234 6640 BrFiltUp - ok
16:00:32.0262 6640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:00:32.0264 6640 Brserid - ok
16:00:32.0287 6640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:00:32.0288 6640 BrSerWdm - ok
16:00:32.0297 6640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:00:32.0298 6640 BrUsbMdm - ok
16:00:32.0330 6640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:00:32.0331 6640 BrUsbSer - ok
16:00:32.0352 6640 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
16:00:32.0353 6640 BthEnum - ok
16:00:32.0379 6640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:00:32.0380 6640 BTHMODEM - ok
16:00:32.0401 6640 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:00:32.0402 6640 BthPan - ok
16:00:32.0485 6640 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
16:00:32.0488 6640 BTHPORT - ok
16:00:32.0526 6640 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
16:00:32.0527 6640 BTHUSB - ok
16:00:32.0564 6640 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\windows\system32\drivers\btwaudio.sys
16:00:32.0566 6640 btwaudio - ok
16:00:32.0620 6640 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\windows\system32\drivers\btwavdt.sys
16:00:32.0621 6640 btwavdt - ok
16:00:32.0707 6640 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
16:00:32.0707 6640 btwl2cap - ok
16:00:32.0724 6640 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\windows\system32\DRIVERS\btwrchid.sys
16:00:32.0725 6640 btwrchid - ok
16:00:32.0769 6640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:00:32.0770 6640 cdfs - ok
16:00:32.0813 6640 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
16:00:32.0814 6640 cdrom - ok
16:00:32.0849 6640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:00:32.0850 6640 circlass - ok
16:00:32.0902 6640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:00:32.0905 6640 CLFS - ok
16:00:32.0919 6640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:00:32.0920 6640 CmBatt - ok
16:00:32.0947 6640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
16:00:32.0948 6640 cmdide - ok
16:00:32.0988 6640 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
16:00:32.0991 6640 CNG - ok
16:00:33.0033 6640 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:00:33.0034 6640 Compbatt - ok
16:00:33.0077 6640 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
16:00:33.0078 6640 CompositeBus - ok
16:00:33.0140 6640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:00:33.0141 6640 crcdisk - ok
16:00:33.0208 6640 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
16:00:33.0211 6640 CSC - ok
16:00:33.0341 6640 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
16:00:33.0342 6640 DfsC - ok
16:00:33.0380 6640 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:00:33.0381 6640 discache - ok
16:00:33.0408 6640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:00:33.0409 6640 Disk - ok
16:00:33.0468 6640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:00:33.0469 6640 drmkaud - ok
16:00:33.0536 6640 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\windows\system32\DRIVERS\dtsoftbus01.sys
16:00:33.0538 6640 dtsoftbus01 - ok
16:00:33.0600 6640 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
16:00:33.0605 6640 DXGKrnl - ok
16:00:33.0651 6640 e1kexpress (3d042b4c6fdde698a3d6bd0b6191c92f) C:\windows\system32\DRIVERS\e1k6232.sys
16:00:33.0653 6640 e1kexpress - ok
16:00:33.0665 6640 EagleNT - ok
16:00:33.0801 6640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:00:33.0817 6640 ebdrv - ok
16:00:34.0019 6640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:00:34.0024 6640 elxstor - ok
16:00:34.0058 6640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
16:00:34.0059 6640 ErrDev - ok
16:00:34.0166 6640 ewusbnet (aba5756393410ec871d803d8d1b12fcd) C:\windows\system32\DRIVERS\ewusbnet.sys
16:00:34.0169 6640 ewusbnet - ok
16:00:34.0238 6640 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
16:00:34.0240 6640 ew_hwusbdev - ok
16:00:34.0291 6640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:00:34.0294 6640 exfat - ok
16:00:34.0325 6640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:00:34.0328 6640 fastfat - ok
16:00:34.0363 6640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:00:34.0365 6640 fdc - ok
16:00:34.0604 6640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:00:34.0606 6640 FileInfo - ok
16:00:34.0660 6640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:00:34.0662 6640 Filetrace - ok
16:00:34.0700 6640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:00:34.0702 6640 flpydisk - ok
16:00:34.0750 6640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:00:34.0753 6640 FltMgr - ok
16:00:34.0794 6640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:00:34.0796 6640 FsDepends - ok
16:00:34.0831 6640 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
16:00:34.0833 6640 Fs_Rec - ok
16:00:34.0911 6640 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
16:00:34.0914 6640 fvevol - ok
16:00:34.0953 6640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:00:34.0955 6640 gagp30kx - ok
16:00:35.0035 6640 giveio (77ebf3e9386daa51551af429052d88d0) C:\windows\system32\giveio.sys
16:00:35.0037 6640 giveio - ok
16:00:35.0141 6640 hamachi (833051c6c6c42117191935f734cfbd97) C:\windows\system32\DRIVERS\hamachi.sys
16:00:35.0143 6640 hamachi - ok
16:00:35.0199 6640 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\windows\system32\DRIVERS\cpqbttn.sys
16:00:35.0200 6640 HBtnKey - ok
16:00:35.0269 6640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:00:35.0270 6640 hcw85cir - ok
16:00:35.0327 6640 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
16:00:35.0330 6640 HdAudAddService - ok
16:00:35.0363 6640 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
16:00:35.0364 6640 HDAudBus - ok
16:00:35.0388 6640 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
16:00:35.0389 6640 HECI - ok
16:00:35.0406 6640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
16:00:35.0409 6640 HidBatt - ok
16:00:35.0455 6640 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
16:00:35.0457 6640 HidBth - ok
16:00:35.0528 6640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
16:00:35.0529 6640 HidIr - ok
16:00:35.0558 6640 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
16:00:35.0558 6640 HidUsb - ok
16:00:35.0649 6640 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\windows\system32\DRIVERS\hpdskflt.sys
16:00:35.0650 6640 hpdskflt - ok
16:00:35.0688 6640 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
16:00:35.0689 6640 HpqKbFiltr - ok
16:00:35.0732 6640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
16:00:35.0734 6640 HpSAMD - ok
16:00:35.0801 6640 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
16:00:35.0805 6640 HTTP - ok
16:00:35.0948 6640 huawei_enumerator (bb3c8e4b88842f3a1b9c5d603210c277) C:\windows\system32\DRIVERS\ew_jubusenum.sys
16:00:35.0949 6640 huawei_enumerator - ok
16:00:35.0993 6640 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\windows\system32\DRIVERS\ewusbmdm.sys
16:00:35.0994 6640 hwdatacard - ok
16:00:36.0043 6640 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
16:00:36.0044 6640 hwpolicy - ok
16:00:36.0101 6640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
16:00:36.0102 6640 i8042prt - ok
16:00:36.0159 6640 iaStor (592a0b130ff567a1725f96ad1510d551) C:\windows\system32\DRIVERS\iaStor.sys
16:00:36.0161 6640 iaStor - ok
16:00:36.0206 6640 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
16:00:36.0210 6640 iaStorV - ok
16:00:36.0386 6640 igfx (4ee7874572a515d112d2f35112f5ad41) C:\windows\system32\DRIVERS\igdkmd32.sys
16:00:36.0416 6640 igfx - ok
16:00:36.0604 6640 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
16:00:36.0606 6640 iirsp - ok
16:00:36.0672 6640 Impcd (1e8154841a0a24d6b38778f07831a82b) C:\windows\system32\DRIVERS\Impcd.sys
16:00:36.0675 6640 Impcd - ok
16:00:36.0718 6640 IntcDAud (2d79c681ce6d53a0c6c725a84594df4c) C:\windows\system32\DRIVERS\IntcDAud.sys
16:00:36.0719 6640 IntcDAud - ok
16:00:36.0762 6640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
16:00:36.0763 6640 intelide - ok
16:00:36.0806 6640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
16:00:36.0808 6640 intelppm - ok
16:00:36.0843 6640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:00:36.0844 6640 IpFilterDriver - ok
16:00:36.0887 6640 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
16:00:36.0889 6640 IPMIDRV - ok
16:00:36.0917 6640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
16:00:36.0919 6640 IPNAT - ok
16:00:36.0973 6640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
16:00:36.0975 6640 IRENUM - ok
16:00:37.0039 6640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
16:00:37.0041 6640 isapnp - ok
16:00:37.0141 6640 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
16:00:37.0143 6640 iScsiPrt - ok
16:00:37.0152 6640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
16:00:37.0153 6640 kbdclass - ok
16:00:37.0177 6640 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
16:00:37.0178 6640 kbdhid - ok
16:00:37.0201 6640 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
16:00:37.0202 6640 KSecDD - ok
16:00:37.0248 6640 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
16:00:37.0250 6640 KSecPkg - ok
16:00:37.0289 6640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
16:00:37.0290 6640 lltdio - ok
16:00:37.0312 6640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
16:00:37.0313 6640 LSI_FC - ok
16:00:37.0353 6640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
16:00:37.0355 6640 LSI_SAS - ok
16:00:37.0380 6640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:00:37.0381 6640 LSI_SAS2 - ok
16:00:37.0562 6640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:00:37.0563 6640 LSI_SCSI - ok
16:00:37.0587 6640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
16:00:37.0588 6640 luafv - ok
16:00:37.0675 6640 MBAMSwissArmy - ok
16:00:37.0713 6640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
16:00:37.0714 6640 megasas - ok
16:00:37.0742 6640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
16:00:37.0744 6640 MegaSR - ok
16:00:37.0887 6640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
16:00:37.0888 6640 Modem - ok
16:00:37.0912 6640 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
16:00:37.0913 6640 monitor - ok
16:00:37.0962 6640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
16:00:37.0963 6640 mouclass - ok
16:00:38.0001 6640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
16:00:38.0002 6640 mouhid - ok
16:00:38.0040 6640 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
16:00:38.0042 6640 mountmgr - ok
16:00:38.0087 6640 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
16:00:38.0089 6640 mpio - ok
16:00:38.0132 6640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
16:00:38.0134 6640 mpsdrv - ok
16:00:38.0167 6640 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
16:00:38.0168 6640 MRxDAV - ok
16:00:38.0236 6640 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
16:00:38.0238 6640 mrxsmb - ok
16:00:38.0296 6640 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:00:38.0299 6640 mrxsmb10 - ok
16:00:38.0327 6640 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:00:38.0329 6640 mrxsmb20 - ok
16:00:38.0465 6640 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
16:00:38.0466 6640 msahci - ok
16:00:38.0510 6640 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
16:00:38.0511 6640 msdsm - ok
16:00:38.0568 6640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
16:00:38.0569 6640 Msfs - ok
16:00:38.0597 6640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
16:00:38.0598 6640 mshidkmdf - ok
16:00:38.0656 6640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
16:00:38.0657 6640 msisadrv - ok
16:00:38.0691 6640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
16:00:38.0692 6640 MSKSSRV - ok
16:00:38.0727 6640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
16:00:38.0728 6640 MSPCLOCK - ok
16:00:38.0745 6640 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
16:00:38.0746 6640 MSPQM - ok
16:00:38.0768 6640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
16:00:38.0770 6640 MsRPC - ok
16:00:38.0810 6640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
16:00:38.0812 6640 mssmbios - ok
16:00:38.0951 6640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
16:00:38.0953 6640 MSTEE - ok
16:00:39.0039 6640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
16:00:39.0040 6640 MTConfig - ok
16:00:39.0085 6640 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
16:00:39.0088 6640 Mup - ok
16:00:39.0150 6640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
16:00:39.0155 6640 NativeWifiP - ok
16:00:39.0228 6640 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
16:00:39.0232 6640 NDIS - ok
16:00:39.0254 6640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
16:00:39.0255 6640 NdisCap - ok
16:00:39.0289 6640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
16:00:39.0290 6640 NdisTapi - ok
16:00:39.0357 6640 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
16:00:39.0358 6640 Ndisuio - ok
16:00:39.0408 6640 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
16:00:39.0410 6640 NdisWan - ok
16:00:39.0548 6640 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
16:00:39.0550 6640 NDProxy - ok
16:00:39.0585 6640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
16:00:39.0587 6640 NetBIOS - ok
16:00:39.0613 6640 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
16:00:39.0615 6640 NetBT - ok
16:00:40.0052 6640 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\windows\system32\DRIVERS\NETw5s32.sys
16:00:40.0093 6640 NETw5s32 - ok
16:00:40.0244 6640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
16:00:40.0245 6640 nfrd960 - ok
16:00:40.0289 6640 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\windows\system32\drivers\npf.sys
16:00:40.0290 6640 NPF - ok
16:00:40.0326 6640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
16:00:40.0327 6640 Npfs - ok
16:00:40.0361 6640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
16:00:40.0362 6640 nsiproxy - ok
16:00:40.0500 6640 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
16:00:40.0516 6640 Ntfs - ok
16:00:40.0550 6640 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
16:00:40.0551 6640 Null - ok
16:00:40.0597 6640 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
16:00:40.0599 6640 nvraid - ok
16:00:40.0716 6640 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
16:00:40.0718 6640 nvstor - ok
16:00:40.0759 6640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
16:00:40.0760 6640 nv_agp - ok
16:00:40.0833 6640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
16:00:40.0834 6640 ohci1394 - ok
16:00:40.0907 6640 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
16:00:40.0909 6640 Parport - ok
16:00:40.0984 6640 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
16:00:40.0985 6640 partmgr - ok
16:00:41.0007 6640 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
16:00:41.0008 6640 Parvdm - ok
16:00:41.0037 6640 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
16:00:41.0039 6640 pci - ok
16:00:41.0088 6640 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
16:00:41.0089 6640 pciide - ok
16:00:41.0245 6640 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
16:00:41.0247 6640 pcmcia - ok
16:00:41.0261 6640 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
16:00:41.0263 6640 pcw - ok
16:00:41.0298 6640 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
16:00:41.0302 6640 PEAUTH - ok
16:00:41.0372 6640 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
16:00:41.0373 6640 PptpMiniport - ok
16:00:41.0394 6640 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
16:00:41.0395 6640 Processor - ok
16:00:41.0440 6640 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
16:00:41.0441 6640 Psched - ok
16:00:41.0483 6640 qcfilterhp2k (9f9f6f299aaa4728a29536da2073121b) C:\windows\system32\DRIVERS\qcfilterhp2k.sys
16:00:41.0484 6640 qcfilterhp2k - ok
16:00:41.0772 6640 qcusbnethp2k (c01626b34bbd466d304938864aa504e7) C:\windows\system32\DRIVERS\qcusbnethp2k.sys
16:00:41.0773 6640 qcusbnethp2k - ok
16:00:41.0883 6640 qcusbserhp2k (fda379f6c51b8a5dce95d108369ff137) C:\windows\system32\DRIVERS\qcusbserhp2k.sys
16:00:41.0886 6640 qcusbserhp2k - ok
16:00:41.0994 6640 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
16:00:42.0004 6640 ql2300 - ok
16:00:42.0099 6640 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
16:00:42.0101 6640 ql40xx - ok
16:00:42.0149 6640 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
16:00:42.0152 6640 QWAVEdrv - ok
16:00:42.0189 6640 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
16:00:42.0191 6640 RasAcd - ok
16:00:42.0236 6640 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
16:00:42.0237 6640 RasAgileVpn - ok
16:00:42.0389 6640 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
16:00:42.0393 6640 Rasl2tp - ok
16:00:42.0437 6640 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
16:00:42.0439 6640 RasPppoe - ok
16:00:42.0460 6640 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
16:00:42.0461 6640 RasSstp - ok
16:00:42.0491 6640 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
16:00:42.0494 6640 rdbss - ok
16:00:42.0544 6640 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
16:00:42.0546 6640 rdpbus - ok
16:00:42.0590 6640 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
16:00:42.0592 6640 RDPCDD - ok
16:00:42.0679 6640 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
16:00:42.0681 6640 RDPDR - ok
16:00:42.0719 6640 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
16:00:42.0721 6640 RDPENCDD - ok
16:00:42.0746 6640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
16:00:42.0747 6640 RDPREFMP - ok
16:00:42.0783 6640 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
16:00:42.0785 6640 RDPWD - ok
16:00:43.0012 6640 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
16:00:43.0015 6640 rdyboost - ok
16:00:43.0076 6640 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
16:00:43.0080 6640 RFCOMM - ok
16:00:43.0159 6640 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\windows\system32\DRIVERS\rimmptsk.sys
16:00:43.0161 6640 rimmptsk - ok
16:00:43.0195 6640 rimspci (e891f07815af88075705ef6a248711f6) C:\windows\system32\DRIVERS\rimspe86.sys
16:00:43.0197 6640 rimspci - ok
16:00:43.0254 6640 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\windows\system32\DRIVERS\rimsptsk.sys
16:00:43.0256 6640 rimsptsk - ok
16:00:43.0406 6640 risdpcie (d853d35f792a3a44726a794bf9a0bbc3) C:\windows\system32\DRIVERS\risdpe86.sys
16:00:43.0408 6640 risdpcie - ok
16:00:43.0468 6640 rismc32 (470fc46e2989f6606043c1c5365b15fd) C:\windows\system32\DRIVERS\rismc32.sys
16:00:43.0470 6640 rismc32 - ok
16:00:43.0510 6640 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\windows\system32\DRIVERS\rixdptsk.sys
16:00:43.0511 6640 rismxdp - ok
16:00:43.0543 6640 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\windows\system32\DRIVERS\rixdpe86.sys
16:00:43.0544 6640 rixdpcie - ok
16:00:43.0602 6640 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
16:00:43.0604 6640 rspndr - ok
16:00:43.0640 6640 RsvLock (98872dd0c249ae2314e35644498a37b7) C:\windows\system32\drivers\RsvLock.sys
16:00:43.0641 6640 RsvLock - ok
16:00:43.0676 6640 s3cap (5423d8437051e89dd34749f242c98648) C:\windows\system32\DRIVERS\vms3cap.sys
16:00:43.0677 6640 s3cap - ok
16:00:43.0708 6640 SafeBoot (f3aadd30da4830df3a785da82b7d125a) C:\windows\system32\drivers\SafeBoot.sys
16:00:43.0708 6640 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: f3aadd30da4830df3a785da82b7d125a
16:00:43.0712 6640 SafeBoot ( LockedFile.Multi.Generic ) - warning
16:00:43.0712 6640 SafeBoot - detected LockedFile.Multi.Generic (1)
16:00:43.0856 6640 SbAlg (c344e569f59cf5ab42bb1bd9bc8c61bc) C:\windows\system32\drivers\SbAlg.sys
16:00:43.0858 6640 SbAlg - ok
16:00:43.0903 6640 SbFsLock (b7cddf87da5cd335482653f23b61a870) C:\windows\system32\drivers\SbFsLock.sys
16:00:43.0904 6640 SbFsLock - ok
16:00:43.0924 6640 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
16:00:43.0925 6640 sbp2port - ok
16:00:43.0940 6640 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
16:00:43.0942 6640 scfilter - ok
16:00:43.0990 6640 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\windows\system32\DRIVERS\sdbus.sys
16:00:43.0991 6640 sdbus - ok
16:00:44.0063 6640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
16:00:44.0064 6640 secdrv - ok
16:00:44.0130 6640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
16:00:44.0131 6640 Serenum - ok
16:00:44.0173 6640 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
16:00:44.0175 6640 Serial - ok
16:00:44.0226 6640 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
16:00:44.0227 6640 sermouse - ok
16:00:44.0455 6640 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
16:00:44.0456 6640 sffdisk - ok
16:00:44.0480 6640 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
16:00:44.0482 6640 sffp_mmc - ok
16:00:44.0494 6640 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
16:00:44.0495 6640 sffp_sd - ok
16:00:44.0533 6640 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
16:00:44.0535 6640 sfloppy - ok
16:00:44.0592 6640 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\windows\system32\DRIVERS\Sftfslh.sys
16:00:44.0602 6640 Sftfs - ok
16:00:44.0671 6640 Sftplay (cf5e9798637795db59697f5e40fca993) C:\windows\system32\DRIVERS\Sftplaylh.sys
16:00:44.0673 6640 Sftplay - ok
16:00:44.0701 6640 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\windows\system32\DRIVERS\Sftredirlh.sys
16:00:44.0702 6640 Sftredir - ok
16:00:44.0736 6640 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\windows\system32\DRIVERS\Sftvollh.sys
16:00:44.0737 6640 Sftvol - ok
16:00:44.0812 6640 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
16:00:44.0815 6640 sisagp - ok
16:00:44.0929 6640 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:00:44.0931 6640 SiSRaid2 - ok
16:00:45.0016 6640 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
16:00:45.0019 6640 SiSRaid4 - ok
16:00:45.0061 6640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
16:00:45.0062 6640 Smb - ok
16:00:45.0193 6640 SNP2UVC (1db08cbdda27e3f143137638d422cf45) C:\windows\system32\DRIVERS\snp2uvc.sys
16:00:45.0210 6640 SNP2UVC - ok
16:00:45.0254 6640 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) C:\windows\system32\speedfan.sys
16:00:45.0259 6640 speedfan - ok
16:00:45.0381 6640 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
16:00:45.0382 6640 spldr - ok
16:00:45.0489 6640 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\windows\System32\Drivers\sptd.sys
16:00:45.0489 6640 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
16:00:45.0497 6640 sptd ( LockedFile.Multi.Generic ) - warning
16:00:45.0497 6640 sptd - detected LockedFile.Multi.Generic (1)
16:00:45.0540 6640 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
16:00:45.0543 6640 srv - ok
16:00:45.0589 6640 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
16:00:45.0592 6640 srv2 - ok
16:00:45.0778 6640 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
16:00:45.0782 6640 srvnet - ok
16:00:45.0967 6640 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
16:00:45.0968 6640 stexstor - ok
16:00:46.0176 6640 STHDA (1a55b390a3bfdd17c98695ab2f91a7f8) C:\windows\system32\DRIVERS\stwrt.sys
16:00:46.0181 6640 STHDA - ok
16:00:46.0253 6640 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\windows\system32\DRIVERS\vmstorfl.sys
16:00:46.0255 6640 storflt - ok
16:00:46.0296 6640 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\windows\system32\DRIVERS\storvsc.sys
16:00:46.0297 6640 storvsc - ok
16:00:46.0311 6640 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
16:00:46.0312 6640 swenum - ok
16:00:46.0355 6640 SynTP (916a6435b54bd87c65950425aed642b7) C:\windows\system32\DRIVERS\SynTP.sys
16:00:46.0357 6640 SynTP - ok
16:00:46.0445 6640 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
16:00:46.0454 6640 Tcpip - ok
16:00:46.0621 6640 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
16:00:46.0638 6640 TCPIP6 - ok
16:00:46.0694 6640 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
16:00:46.0696 6640 tcpipreg - ok
16:00:46.0719 6640 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
16:00:46.0720 6640 TDPIPE - ok
16:00:46.0742 6640 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
16:00:46.0744 6640 TDTCP - ok
16:00:46.0775 6640 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
16:00:46.0776 6640 tdx - ok
16:00:46.0844 6640 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
16:00:46.0847 6640 TermDD - ok
16:00:46.0905 6640 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
16:00:46.0906 6640 TPM - ok
16:00:47.0049 6640 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
16:00:47.0051 6640 tssecsrv - ok
16:00:47.0086 6640 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
16:00:47.0088 6640 tunnel - ok
16:00:47.0119 6640 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:00:47.0120 6640 uagp35 - ok
16:00:47.0158 6640 udfs (2efee45a340e1590e37c2f2bac16d051) C:\windows\system32\DRIVERS\udfs.sys
16:00:47.0161 6640 udfs - ok
16:00:47.0202 6640 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
16:00:47.0204 6640 uliagpkx - ok
16:00:47.0240 6640 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
16:00:47.0241 6640 umbus - ok
16:00:47.0270 6640 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:00:47.0272 6640 UmPass - ok
16:00:47.0457 6640 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
16:00:47.0458 6640 usbccgp - ok
16:00:47.0556 6640 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
16:00:47.0558 6640 usbcir - ok
16:00:47.0594 6640 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys
16:00:47.0595 6640 usbehci - ok
16:00:47.0624 6640 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys
16:00:47.0626 6640 usbhub - ok
16:00:47.0675 6640 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
16:00:47.0677 6640 usbohci - ok
16:00:47.0691 6640 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:00:47.0692 6640 usbprint - ok
16:00:47.0725 6640 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:00:47.0728 6640 USBSTOR - ok
16:00:47.0752 6640 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
16:00:47.0754 6640 usbuhci - ok
16:00:47.0794 6640 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
16:00:47.0796 6640 usbvideo - ok
16:00:47.0931 6640 utm4otc2 - ok
16:00:47.0998 6640 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
16:00:48.0000 6640 vdrvroot - ok
16:00:48.0054 6640 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:00:48.0056 6640 vga - ok
16:00:48.0089 6640 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:00:48.0091 6640 VgaSave - ok
16:00:48.0153 6640 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
16:00:48.0156 6640 vhdmp - ok
16:00:48.0181 6640 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
16:00:48.0183 6640 viaagp - ok
16:00:48.0354 6640 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:00:48.0356 6640 ViaC7 - ok
16:00:48.0405 6640 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
16:00:48.0407 6640 viaide - ok
16:00:48.0450 6640 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
16:00:48.0452 6640 vmbus - ok
16:00:48.0463 6640 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
16:00:48.0465 6640 VMBusHID - ok
16:00:48.0515 6640 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
16:00:48.0516 6640 volmgr - ok
16:00:48.0594 6640 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:00:48.0598 6640 volmgrx - ok
16:00:48.0736 6640 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
16:00:48.0738 6640 volsnap - ok
16:00:48.0969 6640 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\windows\system32\DRIVERS\vpchbus.sys
16:00:48.0973 6640 vpcbus - ok
16:00:49.0057 6640 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\windows\system32\DRIVERS\vpcnfltr.sys
16:00:49.0058 6640 vpcnfltr - ok
16:00:49.0109 6640 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\windows\system32\DRIVERS\vpcusb.sys
16:00:49.0111 6640 vpcusb - ok
16:00:49.0167 6640 vpcvmm (b21e23c100d6d5162b95cf6f05b4e035) C:\windows\system32\drivers\vpcvmm.sys
16:00:49.0169 6640 vpcvmm - ok
16:00:49.0281 6640 Vsdatant (24334b105bde93d82495358b219f7b76) C:\windows\system32\DRIVERS\vsdatant.sys
16:00:49.0285 6640 Vsdatant - ok
16:00:49.0403 6640 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:00:49.0406 6640 vsmraid - ok
16:00:49.0511 6640 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:00:49.0514 6640 vwifibus - ok
16:00:49.0559 6640 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:00:49.0560 6640 vwififlt - ok
16:00:49.0585 6640 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
16:00:49.0586 6640 vwifimp - ok
16:00:49.0638 6640 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
16:00:49.0639 6640 wacommousefilter - ok
16:00:49.0674 6640 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:00:49.0676 6640 WacomPen - ok
16:00:49.0970 6640 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\windows\system32\DRIVERS\wacomvhid.sys
16:00:49.0972 6640 wacomvhid - ok
16:00:50.0187 6640 wacomvthid (6d95cb7cefe61b62472076187277edf6) C:\windows\system32\DRIVERS\WacomVTHid.sys
16:00:50.0190 6640 wacomvthid - ok
16:00:50.0244 6640 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
16:00:50.0245 6640 WANARP - ok
16:00:50.0253 6640 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
16:00:50.0255 6640 Wanarpv6 - ok
16:00:50.0325 6640 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:00:50.0326 6640 Wd - ok
16:00:50.0355 6640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:00:50.0358 6640 Wdf01000 - ok
16:00:50.0415 6640 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:00:50.0417 6640 WfpLwf - ok
16:00:50.0443 6640 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:00:50.0444 6640 WIMMount - ok
16:00:50.0545 6640 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUSB.sys
16:00:50.0547 6640 WinUSB - ok
16:00:50.0682 6640 wisdpen (2a5fa390419d8916dbd777a49b2fa30f) C:\windows\system32\DRIVERS\wisdpen.sys
16:00:50.0684 6640 wisdpen - ok
16:00:50.0738 6640 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
16:00:50.0740 6640 WmiAcpi - ok
16:00:50.0836 6640 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:00:50.0838 6640 ws2ifsl - ok
16:00:50.0902 6640 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
16:00:50.0903 6640 WudfPf - ok
16:00:50.0936 6640 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
16:00:50.0938 6640 WUDFRd - ok
16:00:50.0995 6640 xusb21 (c26c68bcbac1f33f890c226769759209) C:\windows\system32\DRIVERS\xusb21.sys
16:00:50.0996 6640 xusb21 - ok
16:00:51.0056 6640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:00:51.0078 6640 \Device\Harddisk0\DR0 - ok
16:00:51.0081 6640 Boot (0x1200) (a737895d80bcd5ca5ec5db4ee4b2830a) \Device\Harddisk0\DR0\Partition0
16:00:51.0081 6640 \Device\Harddisk0\DR0\Partition0 - ok
16:00:51.0100 6640 Boot (0x1200) (ea53075d68364224771d8d11d69fff69) \Device\Harddisk0\DR0\Partition1
16:00:51.0101 6640 \Device\Harddisk0\DR0\Partition1 - ok
16:00:51.0151 6640 Boot (0x1200) (0f8f8e3765cd3eb29d0b96b6a6c9f7f4) \Device\Harddisk0\DR0\Partition2
16:00:51.0152 6640 \Device\Harddisk0\DR0\Partition2 - ok
16:00:51.0195 6640 Boot (0x1200) (bbd06a30c5ea49429ff90777d8f19bd7) \Device\Harddisk0\DR0\Partition3
16:00:51.0195 6640 \Device\Harddisk0\DR0\Partition3 - ok
16:00:51.0196 6640 ============================================================
16:00:51.0196 6640 Scan finished
16:00:51.0196 6640 ============================================================
16:00:51.0204 0540 Detected object count: 2
16:00:51.0204 0540 Actual detected object count: 2
16:02:46.0583 0540 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
16:02:46.0584 0540 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
16:02:46.0585 0540 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:02:46.0585 0540 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
16:02:48.0353 5140 Deinitialize success

About the autorun - autoexecuting autoruns that are shut down is something I'd welcome. It's enough, if I can do it manually (double click on cd/found the autorun.exe on a CD myself).

Combofix log comes soon!


----------



## kevinf80 (Mar 21, 2006)

Post the log when you`re ready


----------



## kremkrem (Oct 7, 2011)

ComboFix log goes here:

ComboFix 11-10-07.02 - slawek 2011-10-09 9:25.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.48.1045.18.2991.1669 [GMT 2:00]
Uruchomiony z: c:\users\slawek\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DatacardService\DCService.exe
C:\Thumbs.db
c:\users\slawek\AppData\Local\Temp\DAT7FDC.tmp.exe
c:\users\slawek\BITE045.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-09 do 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 07:34 . 2011-10-09 07:49 -------- d-----w- c:\users\slawek\AppData\Local\temp
2011-10-09 07:34 . 2011-10-09 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 13:41 . 2011-10-08 13:41 -------- d-----w- c:\users\slawek\AppData\Roaming\Malwarebytes
2011-10-08 13:41 . 2011-10-08 13:41 -------- d-----w- c:\programdata\Malwarebytes
2011-10-08 13:41 . 2011-10-08 13:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-08 13:41 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 18:08 . 2011-10-06 18:08 -------- d-----w- C:\Nexon
2011-10-06 18:06 . 2011-10-06 18:14 -------- d-----w- c:\programdata\NexonEU
2011-10-06 15:49 . 2011-10-06 15:49 -------- d-----w- c:\users\slawek\AppData\Local\Zachtronics Industries
2011-10-06 15:28 . 2011-10-06 15:28 -------- d-----w- c:\program files\Zachtronics Industries
2011-10-01 05:01 . 2011-10-01 18:36 -------- d-----w- C:\FrozenSynapse
2011-09-24 16:02 . 2011-09-24 16:02 -------- d-----w- c:\users\slawek\AppData\Local\Eclipse
2011-09-24 16:01 . 2011-09-24 16:03 -------- d-----w- c:\users\slawek\workspace
2011-09-19 18:19 . 2010-05-22 12:48 167936 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-09-19 18:19 . 2010-05-22 12:48 26880 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-09-19 18:19 . 2010-05-22 12:48 70656 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-09-19 18:19 . 2010-05-22 12:48 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-09-19 18:19 . 2010-05-22 12:48 51584 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-09-19 18:19 . 2009-07-14 10:27 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2011-09-19 18:18 . 2010-04-30 14:52 206336 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-09-19 18:18 . 2010-03-25 08:08 105984 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-09-19 18:18 . 2010-03-20 10:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-09-19 18:18 . 2010-01-18 16:48 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-09-19 18:18 . 2010-03-20 09:56 101504 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-09-19 18:18 . 2011-09-19 18:20 -------- d-----w- c:\program files\Internet w Cyfrowym Polsacie
2011-09-19 18:17 . 2011-10-09 07:34 -------- d-----w- c:\programdata\DatacardService
2011-09-12 16:59 . 2011-09-12 16:59 -------- d-----w- c:\program files\Lame For Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2011-07-28 18:58 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-07-28 18:58 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-07-28 18:58 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-07-28 18:58 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-07-28 18:58 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-07-28 18:58 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-07-28 18:58 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-07-28 18:58 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 10:25 . 2011-08-31 10:25 0 ----a-w- c:\windows\system32\shoB0E.tmp
2011-08-24 12:54 . 2011-01-30 11:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-24 12:54 . 2011-01-30 11:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-24 12:54 . 2011-08-24 12:54 809496  ----a-r- c:\windows\system32\tmp8881.tmp
2011-08-24 12:54 . 2009-06-03 09:25 809496 ----a-r- c:\windows\system32\tmp8880.tmp
2011-07-29 07:47 . 2011-07-29 07:47 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-07 16:11 . 2011-07-09 06:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF925EF3-7A87-44E4-9CAF-8D7B280BF616}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2011-02-07 1362944]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-07-13 351800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-22 1684776]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-18 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-18 166936]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-02-03 111640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-21 495708]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-09-18 27184]
"HP Connection Manager.exe"="c:\program files\Hewlett-Packard\HP Connection Manager\HP Connection Manager.exe" [2009-12-03 1119048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\slawek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-10-29 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-12-12 38912]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-21 1639728]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 206336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4208208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 utm4otc2;AVZ Kernel Driver;c:\windows\system32\Drivers\utm4otc2.sys [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1343400]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-29 218688]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2009-12-16 102968]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2009-11-20 124984]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [2010-01-19 330488]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2009-11-19 379904]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SMManager;HP Connection Manager Service;c:\program files\Hewlett-Packard\HP Connection Manager\SMManager.exe [2009-12-03 82760]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2010-12-13 98160]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-01-07 215208]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 70656]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-02-01 6755840]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [2010-01-19 5248]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [2010-01-19 206848]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [2010-01-19 106368]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2009-07-09 13480]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2010-12-13 37104]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225376568-3839698062-1861396292-1000Core.job
- c:\users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 22:04]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225376568-3839698062-1861396292-1000UA.job
- c:\users\slawek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 22:04]
.
2011-10-05 c:\windows\Tasks\HPCeeScheduleForslawek.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = hxxp://www.bing.com
uInternet Settings,ProxyServer = 8.8.8.8:80
IE: Download all by FlashGet3 - c:\users\slawek\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\slawek\AppData\Roaming\FlashGetBHO\GetUrl.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4121C421-93E2-48AF-AD67-F9D723C5F13D}: NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{45A9A540-B186-48BF-B952-5B73D6048E3B}: NameServer = 193.41.112.14 193.41.112.18
TCP: Interfaces\{BF8C3EE3-93D2-4438-974E-80FE5C392990}: NameServer = 213.158.199.1 213.158.199.5
FF - ProfilePath - c:\users\slawek\AppData\Roaming\Mozilla\Firefox\Profiles\55dagbb8.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(7776)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9ce7180b73fb7a7d\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Czas ukończenia: 2011-10-09 09:54:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2011-10-09 07:54
.
Przed: 110 289 555 456 bajtów wolnych
Po: 112 556 822 528 bajtów wolnych
.
- - End Of File - - 07032AF31C33BBCE6CC63FFE20C6DD61


----------



## kevinf80 (Mar 21, 2006)

Run the following please:

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the







button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on







to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the







icon on your desktop.

Check








Click the







button.
Accept any security warnings from your browser.
Check









*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push








Push







, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the







button.
Push








You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Let me see the log please....


----------



## kremkrem (Oct 7, 2011)

Fail, ESET can't connect and download anything for itself. (Downloaded in firefox - exec has problems with connecting; in IE - no web page can be opened)
Let's try something else.


----------



## kevinf80 (Mar 21, 2006)

Please perform this online scan: *F-Secure Online Scanner * 
Follow the directions in the F-Secure page for proper Installation.

 You may receive an alert on the address bar at this point to install the ActiveX control. 
 Click on that alert and then click "*Install ActiveX component*". 
 Read the license agreement and click "*Accept*". 
 Click "*Full System Scan*" to download the scanning components and begin scan and cleaning. 
 When the scan completes, click the "*I want to decide item by item*" button. 
 For each item found, Select "*Disinfect*" and click "*Next*". 
 When done, click the "*Show Report*" button, then copy and paste the entire report into your next reply.


----------



## kremkrem (Oct 7, 2011)

Sorry, but you know, this F-Secure software uses Java Applet for scanning (that's ok) and IE to show the results (more than bad). In other words, it doesn't work.
Please, if you can, choose some software I can download without any extern downloaders, and it should work fine.
Those errors are caused by the problem we're trying to solve. I mention it just to make sure you know why I've got these problems.


----------



## kevinf80 (Mar 21, 2006)

Do you have an internet connection?

Did you set up the following Proxy

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,*ProxyServer = 8.8.8.8:80*


----------



## kremkrem (Oct 7, 2011)

First, I have an internet connection. I post from the machine I have problems with, using Firefox. As I said in the very first post, the situation with my system is weird: there is a connection, but for most apps resolving hostnames doesn't work (but in Firefox works). So, I can connect using Firefox, or, sometimes, using raw IP.
Second... I barely understand the notation you just have used. But checked the Windows options... yes, I set the 8.8.8.8:80 proxy, I surely remember doing so. Found it was Google DNS server, and tried as a possible solution. But it didn't work, so I turned off using proxy for system (by unchecking a box). And the fact that the adress is typed, doesn't (or at least shouldn't) matter.


----------



## kevinf80 (Mar 21, 2006)

When you turned off the proxy by removing the tick from "Proxy server" under Lan settings did you put a tick in "Automatically detect setting" under automatic configuration? see attached image

Also what can you tell me about this program *ALLPlayer* did you install it? Read the information at the following links:

http://www.threatexpert.com/files/allupdate.exe.html

http://www.prevx.com/filenames/61275102296173309-X1/ALLUPDATE.EXE.html

I ask about this program because it was installed by user not by malware...

Kevin


----------



## kremkrem (Oct 7, 2011)

Yeah...
Well, I hadn't switched the "automaticly detect" option on, I forgot about that. Now I've done it.
AllPlayer... yup, that was me. I've installed it. Avast was suspicious about the allupdate.exe, so I've either blocked it or let it on in sandbox (because that one was default). Well, when I've reconsidered that, I concluded I don't really need it anymore. Therefore I uninstalled it.
In short: it didn't work.
Let's try something else. I don't really like the vision of reinstalling the system... especially that it came with machine, so I don't have the CD/DVD...
PS. I've noticed you like Ubuntu, while I personally love it. As a coincidence, I've got a liveUSB with 10.04 lucid on board. If you're thinking about trick involving it, feel free to do so, I like Ubuntu, and I'm not a moron who is scared by its bash (aka terminal).


----------



## kevinf80 (Mar 21, 2006)

I`m only looking for malware on your system, you mentioned having issues for approximately 8 months, All Player was installed February of this year so it was a definite suspect.

OK I`d like to see an in depth scan with an AV to check that Combofix missed nothing, as you had problems with ESET and F-Secure we can use Avast.

Right click on the Avast Icon next to your clock and select *"open avast user interface"*
On the interface select *Scan Computer*










On the next window select *Boot time scan*










Onthe next window select *Schedule now*










On the next window select *Restart Computer*










Let your system re-boot and carry out the boot time scan, let me know what it finds. Also tell me if Internet Explorer works now since turning on the "Automatically detect" option...

Regarding Ubuntu, I only use that for online banking and anything with financial implications, I just dont trust windows....(any version)


----------



## kremkrem (Oct 7, 2011)

I've just done the on-boot scan. It said that it scanned everything (unlike the in-Windows scan), but found nothing.
I've just noted that your suspicion about AllPlayer was wrong, because I forgot to tell you, that the problem was caused by a stopped trial of installing an infected proxy software (that fact was mentioned by me in the very first post). Terrible thing I forgot the name of this application, but, as I searched on the net the day I got the problem, it was known to install rootkits and trojans.
But it was such a long time ago that I don't remember the name! Stupid, stupid, stupid, stupid, stupid, stupid, stupid, stupid.....
PS
It sometimes take time to answer, because there is big time difference between the place I live in and that forum's time (my time indicates 9 hours forward).


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system now, is IE working? do have any issues/concerns


----------



## kremkrem (Oct 7, 2011)

Nothing has changed: IE doesn't load any pages, services that haven't worked doesn't work, and ones that have worked work.


----------



## kevinf80 (Mar 21, 2006)

Run Fixit for Internet Explorer, available here http://support.microsoft.com/kb/318378 Lets see if IE responds to the fix


----------



## kremkrem (Oct 7, 2011)

FixIt couldn't do anything because of failed attempt to connect to the (Microsoft) server. Dang, Microsoft sometimes really sucks.


----------



## kevinf80 (Mar 21, 2006)

Back up YOUR REGISTRY with ERUNT.....


Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










Next,

Please follow these instructions carefully:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:


```
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess]		

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000000

[-HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDevMgrUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"NoUpdateCheck"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000000
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name *fixme.reg*, and click Save.

You should now find a new file on your desktop named *fixme.reg*. Double click on *fixme.reg*. You will get a warning,
agree to the merge, and then a message the file has been merged will immediately pop up.

Then reboot.

Next,

Add the Windows Update Web site and the Microsoft Update Web site to the Trusted Sites list, follow these steps:


Start Windows Internet Explorer:
On the Tools menu, click Internet Options.
Note If you are using Internet Explorer 7, and the menu is not available, press the ALT key on your keyboard to access the Internet Explorer Menu.
Click the Security tab, and then click Trusted Sites.
Click Sites, and then click to clear the Require server verification (https for all sites in this zone check box.
In the Add this Web site to the zone box, type the following addresses, and then click Add after you type each address:

*http://*.windowsupdate.microsoft.com
http://*.windowsupdate.com
http://update.microsoft.com*

Click OK two times.

Try the updates again.


----------



## kremkrem (Oct 7, 2011)

ERUNT... hey, I already know this app! Ok, I've done backup.
Now there's some neat register editing file... have run that.
Restart, added the 3 trusted sites and cleared the https: verification box.
Nothing changed. (try update? What did you mean? I've tried to run fixit again as an update, but nothing)


----------



## kevinf80 (Mar 21, 2006)

Do the following :

Select the Windows Key and R Key together, in the open box either type or copy and paste *services.msc*

In the new window scroll to Background Intelligence Service, what is the Status and Start up type? They should be *Started* and *Automatic (delayed)* respectively.

Also check the following dependencies:

*Com + Event system* this should be *Started* and *Automatic*

*Remote Procedure Call (RPC)* this also should be *Started* and *Automatic*

Let me know if the above are correct.....


----------



## kremkrem (Oct 7, 2011)

I think I've managed to translate the service names right.
Background Intelligence Service (Us&#322;uga Inteligentnego Transferu w Tle)
Status: Started, Start up type: Automatic (delayed)

COM+ Event System (System Zdarze&#324; COM+)
Status: Started, Start up type: Automatic

Remote Procedure Call (RPC) (Zdalne wywo&#322;ywanie procedur (RPC))
Status: Started, Start up type: Automatic


----------



## kevinf80 (Mar 21, 2006)

Those settings are correct, I`m at a loss with this one, Can you remove the proxy that you have set up and see if that makes any difference?

If that does not help I`ll ask one of the Technical guys to have another look, this does not seem to be a malware issue.

One last scan:

Please run the MGA Diagnostic Tool and post back the report it creates:

Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


Please download MGADiag and save it to your desktop.
Double click the







icon on your desktop.
Push








Push








Go to Start -> Run and type in "Notepad"
Go to Edit -> Paste in notepad.
x out all of the numbers and letters in the line beginning with "Windows Product Key:"
Copy and paste that log here.


----------



## etaf (Oct 2, 2003)

theres quite a lot occurred here - so i will repeat a few steps again - apologies for this

i'll also move to the networking forum where other posters will be able to reply

so can you confirm the problem again - cannot connect to the internet using a cable connection or a wireless connection

can you show us a device manager screen shot also an ipconfig /all - see below 
also post the results of a tcp/ip reset

what happens in safemode with networking

*------------------------------------------------------------------------*
*Safemode with networking*
with a cable connected from PC to router 
check the cable - see if there is a light on the router accosiated with the cable port used , also check if you have a green/yellow light on the PC LAN port 
- try safemode with networking
as the PC starts keep tapping F8 - a menu appears - choose 
*safemode with networking* - see if that works 
*------------------------------------------------------------------------*

Can you remove zone alarm 
use the removal tool as well 
https://support.zonealarm.com/index...lete-full-uninstall-of-zonealarm-9x-and-below

http://download.zonealarm.com/bin/free/support/download/clean.exe

*------------------------------------------------------------------------*
* Device Manager *
Post back the results in device manager
If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC
Start > control Panel {Vista set to classic view}> system > {Vista, device manager on left hand side} {XP hardware Tab, device manager button} > 
windows 7
start > control panel> System and Security> Device Manager

*network adaptors, click on the + * > post back the devices listed there
are there any ! ? or X

post a screen shot of the device manager - network adapters

To post a screen shot of the active window, hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file. 
To upload it to the forum, open the full reply window and use the Manage Attachments button to upload it here
Full details are here http://library.techguy.org/wiki/TSG_Posting_a_Screenshot
*------------------------------------------------------------------------*

*------------------------------------------------------------------------*
* ipconfig /all *
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post results here

We would like to see the results from ipconfig /all post back the results in a reply here

Hold the *Windows* key and press *R*, then type *CMD* then press *Enter* to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

_Note that there is a space before the /ALL, but there is *NOT* a space after the / in the following command._

* ipconfig /all > network.txt & network.txt *

It will export the results to notepad and then automatically open notepad.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*
Now go back to the forum - reply and then right click in the reply box and *paste* 
*------------------------------------------------------------------------*

*------------------------------------------------------------------------*

*TCP/IP stack repair options for use with Vista/Windows 7*

Start, Programs\Accessories and *right click on Command Prompt, select "Run as Administrator" *to open a command prompt.

_Note: Type only the text in *bold* for the following commands._

Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog*

Reset IPv4 TCP/IP stack to installation defaults. *netsh int ipv4 reset reset.log*

Reset IPv6 TCP/IP stack to installation defaults. *netsh int ipv6 reset reset.log*

Reboot the machine.

If you receive the message 
*The requested operation requires elevation.*
Then please open the command prompt as administrator - as requested above 
Start, Programs\Accessories and *right click on Command Prompt, select "Run as Administrator" *to open a command prompt.

Post back the results here - we need to know these commands worked correctly
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

*------------------------------------------------------------------------*


----------



## kremkrem (Oct 7, 2011)

MGADiag log (I've *-ated the serial, as Kevin wished):
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {D676CDFD-338D-4D70-88BE-5BA367E9DAC4}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.101026-1503
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D676CDFD-338D-4D70-88BE-5BA367E9DAC4}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-225376568-3839698062-1861396292</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>7007____</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68COU Ver. F.02</Version><SMBIOSVersion major="2" minor="6"/><Date>20100823000000.000000+000</Date></BIOS><HWID>CABB3607018400FC</HWID><UserLCID>0415</UserLCID><SystemLCID>0415</SystemLCID><TimeZone>Środkowoeuropejski czas stand.(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Wersja usługi licencjonowania oprogramowania: 6.1.7600.16385

Nazwa: Windows(R) 7, Professional edition
Opis: Windows Operating System - Windows(R) 7, OEM_SLP channel
Identyfikator aktywacji: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Identyfikator aplikacji: 55c92734-d682-4d71-983e-d6ec3f16059f
Rozszerzony identyfikator PID: 00371-00178-926-700008-02-1045-7600.0000-3422010
Identyfikator instalacji: 016665763220762926456193590906344311711175938633370580
Adres URL certyfikatu procesora: http://go.microsoft.com/fwlink/?LinkID=88338
Adres URL certyfikatu komputera: http://go.microsoft.com/fwlink/?LinkID=88339
Adres URL licencji użytkowania: http://go.microsoft.com/fwlink/?LinkID=88341
Adres URL certyfikatu klucza produktu: http://go.microsoft.com/fwlink/?LinkID=88340
Częściowy klucz produktu: 6P6GT
Stan licencji: licencjonowano
Licznik pozostałych operacji przywrócenia pierwotnego stanu licencjonowania systemu Windows: 1
Godzina zaufana: 2011-10-14 09:14:07

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EE7
HealthStatus: 0x0000000000000000
Event Time Stamp: 9:15:2011 19:47
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: OgAAAAIABAABAAEAAQABAAAABAABAAEAeqgKodFNdxasY2J1UuX+3lJlZrhVx3ye2AqaqGh1vE9cXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 7007 
FACP HPQOEM 7007 
HPET HPQOEM 7007 
MCFG HPQOEM 7007 
TCPA HPQOEM 7007 
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SLIC HPQOEM SLIC-MPC
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
ASF! HPQOEM 7007

-----------------------------------------------------------

I don't have time to respond to everything at once, so I'll edit this post several times to get complete info here.

I CANNOT confirm that I can't connect to the internet - because I can. I can use for example Firefox, Steam (except its browser), Minecraft, Frozen Synapse etc. I can't use IE, Toribash (multi), Steam (its browser), Vindictus (and mostly any MMO).

And I'd like to say it's not my only machine in my house, every is using a wireless connection to the router. And, except the problematic machine, they are working in 100%.

I've already done TCP/IP stack repair options for use with Vista/Windows 7 earlier by the instructions other people gave me here, console said everything went fine, but situation hasn't changed. However, log is still there, few posts earlier.

*Device Manager: *(polish localization of Windows makes the things harder)
*







*
*
ipconfig /all *(oh, that polish characters...)*:*

Konfiguracja IP systemu Windows

Nazwa hosta . . . . . . . . . . . : slawek-HP
Sufiks podstawowej domeny DNS . . : 
Typ w©zˆa . . . . . . . . . . . . : Hybrydowy
Routing IP wˆĄczony . . . . . . . : Nie
Serwer WINS Proxy wˆĄczony. . . . : Nie
Lista przeszukiwania sufiks˘w DNS : pl

Karta kom˘rkowego poˆĄczenia szerokopasmowego Kom˘rkowe poˆĄczenie szerokopasmowe:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : 
Opis. . . . . . . . . . . . . . . : HP un2420 Mobile Broadband Module Network Device
Adres fizyczny. . . . . . . . . . : 00-A0-C6-00-00-00
DHCP wˆĄczone . . . . . . . . . . : Nie
Autokonfiguracja wˆĄczona . . . . : Tak

Karta Ethernet PoˆĄczenie lokalne:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : 
Opis. . . . . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection
Adres fizyczny. . . . . . . . . . : 1C-C1-DE-C0-CD-7F
DHCP wˆĄczone . . . . . . . . . . : Tak
Autokonfiguracja wˆĄczona . . . . : Tak

Karta bezprzewodowej sieci LAN PoˆĄczenie sieci bezprzewodowej:

Sufiks DNS konkretnego poˆĄczenia : pl
Opis. . . . . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN
Adres fizyczny. . . . . . . . . . : 58-94-6B-04-3B-C8
DHCP wˆĄczone . . . . . . . . . . : Tak
Autokonfiguracja wˆĄczona . . . . : Tak
Adres IPv4. . . . . . . . . . . . . : 192.168.1.3(Preferowane) 
Maska podsieci. . . . . . . . . . : 255.255.255.0
Dzierľawa uzyskana. . . . . . . . : 14 pa«dziernika 2011 08:11:25
Dzierľawa wygasa. . . . . . . . . : 15 pa«dziernika 2011 08:11:26
Brama domy˜lna. . . . . . . . . . : 192.168.1.254
Serwer DHCP . . . . . . . . . . . : 192.168.1.254
Serwery DNS . . . . . . . . . . . : 192.168.1.254
NetBIOS przez Tcpip . . . . . . . : WˆĄczony

Karta tunelowa isatap.{BF8C3EE3-93D2-4438-974E-80FE5C392990}:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : 
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #2
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP wˆĄczone . . . . . . . . . . : Nie
Autokonfiguracja wˆĄczona . . . . : Tak

Karta tunelowa isatap.{A2224DE7-1B1D-44E6-B695-CA213496BD45}:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : 
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #3
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP wˆĄczone . . . . . . . . . . : Nie
Autokonfiguracja wˆĄczona . . . . : Tak

Karta tunelowa isatap.pl:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : pl
Opis. . . . . . . . . . . . . . . : Karta Microsoft ISATAP #4
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP wˆĄczone . . . . . . . . . . : Nie
Autokonfiguracja wˆĄczona . . . . : Tak

Karta tunelowa Teredo Tunneling Pseudo-Interface:

Stan no˜nika . . . . . . . . . . .: No˜nik odˆĄczony
Sufiks DNS konkretnego poˆĄczenia : 
Opis. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Adres fizyczny. . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP wˆĄczone . . . . . . . . . . : Nie
Autokonfiguracja wˆĄczona . . . . : Tak


----------



## etaf (Oct 2, 2003)

> I CANNOT confirm that I can't connect to the internet - because I can. I can use for example Firefox, Steam (except its browser), Minecraft, Frozen Synapse etc. I can't use IE, Toribash (multi), Steam (its browser), Vindictus (and mostly any MMO).


Start> search bar> CMD to open a DOS window and type:

Type the following command 
* ipconfig /flushdns *

Post back the results
rightclick in the box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

then try the following two commands

*net stop dnscache

net start dnscache*

then post the results


----------



## kremkrem (Oct 7, 2011)

Microsoft Windows [Wersja 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Wszelkie prawa zastrzeżone.

C:\Users\slawek>ipconfig /flushdns

Konfiguracja IP systemu Windows

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.

C:\Users\slawek>net stop dnscache
Wystąpił błąd systemu 5.

Odmowa dostępu.

C:\Users\slawek>

------------------------------------------------------------
whoops, so I launched cmd with administrative rights:
------------------------------------------------------------
Microsoft Windows [Wersja 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Wszelkie prawa zastrzeżone.

C:\windows\system32>net stop dnscache
Usługa Klient DNS jest właśnie zatrzymywana.
Usługa Klient DNS została zatrzymana pomyślnie.

C:\windows\system32>net start dnscache
Usługa Klient DNS jest właśnie uruchamiana.
Pomyślnie uruchomiono usługę Klient DNS.

C:\windows\system32>
----------------------------------------------------------
PS. I know how to use cmd. If you want, just say: type cmd command "ipconfig /flushdns" and post the results, and I'll know how to do it, instructions are unnecessary.

And I forgot to mention, what is the key of the problem, but I think (deducing form your post), that you know it: applications cannot resolve addresses. For example, Google Chrome can't load page from address google.pl, but it'd load it, if you give its IP instead.


----------



## etaf (Oct 2, 2003)

> but it'd load it, if you give its IP instead.


 is that the case with all the sites ?
thats a typical DNS issue and thats the issue i was trying to resolve above

try google open dns -

*------------------------------------------------------------------------*

* Google public DNS *

Google public DNS
http://code.google.com/speed/public-dns/

Theres also a link on how to setup those DNS IP address
http://code.google.com/speed/public-dns/docs/using.html

*------------------------------------------------------------------------*


----------



## kremkrem (Oct 7, 2011)

've set DNS to 8.8.8.8. Nothing changed.

Yes, the case is with every site.


----------



## etaf (Oct 2, 2003)

i'm out of ideas i'm afraid 

you've carried out the tcp/ip reset - and it worked correctly - no change
you've removed any proxy setting - no change
you've removed zonealarm and any other security suite that may have been on the pc in the past - no change
you've set up open dns - no change
you've flush and stopped and started dns - no change
you've tried safemode with networking - no change
you've tried different browsers ie, chrome, firefox - no change

AND no malware found on PC - no change

not sure what else to suggest now


----------



## kremkrem (Oct 7, 2011)

Hey, look guys!
I don't know, how much it helps, but I found out that among 5 kinds of error that can occur while calling an adress resolving function: host not found error, couldn't connect to local server = try again, unrecoverable error, no data error and no adress error; I get: unrecoverable error. Doesn't sound positive, but, well, does it tell anything? Just came up with this while trying to run Desura.


----------

