Downloaded and ran as directed.
Took over an hour for the files scan to run (I disabled Avast! or I'd still be waiting tomorrow!). It ran through to completion; the log is below:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x8056800D-->EB9C8ED0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805A1C30-->EB9C9700 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtClose, Type: Address change 0x80566DB9-->EB8CE6B8 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x8058A87C-->EB9C6DA0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateFile, Type: Address change 0x8056FC68-->EB9D69C0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x8056E819-->EB8CE574 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtCreatePort, Type: Address change 0x80597561-->EB9C68E0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Address change 0x805B0B24-->EB9C3620 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Address change 0x80581EFE-->EB9C3A30 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateSection, Type: Address change 0x8056469B-->EB9C2EF0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x8057C51B-->EB9C4F20 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x806593E1-->EB9C5B90 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80593B28-->EB8CEA52 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x80572B96-->EB8CE14C [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805A40FA-->EB9C8490 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtOpenFile, Type: Address change 0x8056FC03-->EB9D7040 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80567D6B-->EB8CE64E [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x80572D76-->EB8CE08C [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x8057677B-->EB9C3310 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058C882-->EB8CE0F0 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80573125-->EB9C9350 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtQueryDirectoryFile, Type: Address change 0x80573585-->EB9C8A70 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x8056B173-->EB8CE76E [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtQueueApcThread, Type: Address change 0x8058F70B-->EB9C98A0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtRequestPort, Type: Address change 0x80589AA8-->EB9C79A0 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtRequestWaitReplyPort, Type: Address change 0x80575F9A-->EB9C7F90 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064C122-->EB8CE72E [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtResumeThread, Type: Address change 0x8057CB8E-->EB9C6340 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSecureConnectPort, Type: Address change 0x8057EA6A-->EB9C7190 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x8062C4EB-->EB9C5970 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805A26E4-->EB9C5D30 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80573CFD-->EB8CE8AE [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtShutdownSystem, Type: Address change 0x80645923-->EB9C8370 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x8062E0CD-->EB9C6520 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x805DFA98-->EB9C6130 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtSystemDebugControl, Type: Address change 0x80648481-->EB9C5F40 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x805847BC-->EB9C4C80 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8057BC34-->EB9C5760 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtUnloadDriver, Type: Address change 0x80618800-->EB9C8780 [C:\WINDOWS\system32\drivers\OADriver.sys]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8057A707-->EB9C9520 [C:\WINDOWS\system32\drivers\OADriver.sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtGdiAlphaBlend, Type: Address change 0xBF8369D9-->EB9C1160 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiBitBlt, Type: Address change 0xBF809ACE-->EB9C0480 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiCreateDIBSection, Type: Address change 0xBF82A0DA-->EB9C1510 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiGetPixel, Type: Address change 0xBF8758B0-->EB9C07D0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiMaskBlt, Type: Address change 0xBF8342D1-->EB9C0A80 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiOpenDCW, Type: Address change 0xBF8411F0-->EB9C1880 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtGdiTransparentBlt, Type: Address change 0xBF8BF704-->EB9C0E10 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F7A81-->EB9BCF60 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserBlockInput, Type: Address change 0xBF913B91-->EB9BED60 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserCallHwndParamLock, Type: Address change 0xBF825555-->EB9BE890 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserCallTwoParam, Type: Address change 0xBF82F32E-->EB9BF9D0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8678D0-->EB9BDA10 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetClipboardData, Type: Address change 0xBF8EDF73-->EB9BF110 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetDC, Type: Address change 0xBF8043EA-->EB9BFDC0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetDCEx, Type: Address change 0xBF834E9D-->EB9C0020 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8BA0D9-->EB9BD8E0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C8EB-->EB9BD7B0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserGetWindowDC, Type: Address change 0xBF80381C-->EB9C0290 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EFF3-->EB9BDB40 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserMoveWindow, Type: Address change 0xBF8346C4-->EB9BF4F0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserPostMessage, Type: Address change 0xBF8084A3-->EB9BE020 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF871660-->EB9BE4D0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserRegisterRawInputDevices, Type: Address change 0xBF9164F0-->EB9BCD70 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSendInput, Type: Address change 0xBF8C3275-->EB9BEB10 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetClipboardViewer, Type: Address change 0xBF8EDCF3-->EB9BEF00 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetParent, Type: Address change 0xBF87D7B6-->EB9BF2B0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetWindowPos, Type: Address change 0xBF823E66-->EB9BF880 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetWindowsHookAW, Type: Address change 0xBF8BD69C-->EB9BC820 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8BA199-->EB9BC3C0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F01A4-->EB9BCAC0 [C:\WINDOWS\system32\drivers\OADriver.sys]
win32k.sys-->NtUserShowWindow, Type: Address change 0xBF8314B6-->EB9BF790 [C:\WINDOWS\system32\drivers\OADriver.sys]
==============================================
>Processes
==============================================
0x83BC8A00 [4] System
0x83524538 [416] C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc., LexBce Service)
0x832BC798 [552] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x83A85DA0 [608] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x834AC538 [668] C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc., LEXPPS.EXE)
0x8350EC00 [680] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x83694DA0 [704] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x835C8DA0 [752] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8360B318 [764] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x83A83340 [936] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8355F998 [992] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x83500DA0 [1008] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83329798 [1156] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x836F19F8 [1236] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x830F2DA0 [1284] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x832FE648 [1400] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8376C230 [1432] C:\WINDOWS\system32\netdde.exe (Microsoft Corporation, Network DDE - DDE Communication)
0x83028DA0 [1452] C:\Program Files\Emsisoft\Online Armor\oahlp.exe (Emsi Software GmbH, Online Armor Component)
0x8308F5B8 [1468] C:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH, Online Armor Component)
0x832B2798 [1532] C:\Program Files\Emsisoft\Online Armor\oacat.exe (Emsi Software GmbH, Online Armor Component)
0x832E0798 [1560] C:\Program Files\Emsisoft\Online Armor\oasrv.exe (Emsi Software GmbH, Online Armor Component)
0x83714508 [1684] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc., Bonjour Service)
0x836C0CC0 [1740] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x83543A10 [1780] C:\WINDOWS\system32\snmp.exe (Microsoft Corporation, SNMP Service)
0x836F8870 [1828] C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software, avast! Antivirus updating service)
0x834FE7B8 [1876] C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software, avast! antivirus service)
0x8371FDA0 [1948] C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks, Network Connect Service)
0x8305E020 [2044] C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org, TortoiseSVN status cache)
0x8315BDA0 [2084] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated, Adobe Acrobat SpeedLauncher)
0x8354F568 [2124] C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software, avast! e-Mail Scanner Service)
0x835B9B28 [2236] C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software, avast! Web Scanner)
0x831DCB98 [2308] C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe (Dell Computer Corporation, Dell AIO Printer A920Button Monitor)
0x83564538 [2684] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x83182A80 [2820] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x830645B8 [3040] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
0x83135BD8 [3420] C:\Documents and Settings\William Brophy\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\113caXUtpO.exe (UG North, RKULE, SR2 Normandy)
0x8308FDA0 [3444] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x831403B8 [3460] C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google, gusvc)
0x83113DA0 [3516] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp., PowerCinema Resident Program for Dell)
0x83BD1DA0 [3864] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation, Dell AIO Printer A920Button Manager)
0x830A1DA0 [3940] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x83072AC0 [3960] C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation, Windows TaskManager)
0x8307DBC0 [4088] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software, avast! service GUI component)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2180352 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2180352 bytes
0x804D7000 RAW 2180352 bytes
0x804D7000 WMIxWDM 2180352 bytes
0xF648B000 C:\WINDOWS\system32\DRIVERS\fw.sys 2043904 bytes (Check Point Software Technologies, -)
0xF6994000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6805000 C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF675D000 C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB8C0F000 C:\WINDOWS\System32\drivers\vpn.sys 671744 bytes (Check Point Software Technologies, -)
0xF7542000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF66A2000 C:\WINDOWS\system32\drivers\smwdm.sys 540672 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xEB93B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5D19000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEBA90000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8B45000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xEB9AA000 C:\WINDOWS\system32\drivers\OADriver.sys 319488 bytes (Emsisoft, OA Helper Driver)
0xB835C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6927000 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xEB908000 C:\WINDOWS\system32\drivers\mfehidk.sys 208896 bytes (McAfee, Inc., Host Intrusion Detection Link Driver)
0xF7660000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7515000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8CDB000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xEB9F8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB714E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEBA68000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF667E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF673A000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF6904000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF695D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEBA46000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEBA24000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xEB8C6000 C:\WINDOWS\System32\Drivers\aswSP.SYS 135168 bytes (ALWIL Software, avast! self protection module)
0xEB8E7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75F8000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7630000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74FA000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7618000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEB8AE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF75CF000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5E12000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8FA2000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 90112 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xB8E4D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6726000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6980000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEBAE8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF75E6000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF764F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEE4DF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF790F000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF773F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF771F000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF294D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEDA05000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF791F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76EF000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF78FF000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6CB5000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76CF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF779F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76FF000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF6CC5000 C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 45056 bytes (Juniper Networks, dsNcAdapter)
0xF772F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF76BF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6CA5000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xEEAAB000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xF001A000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF76DF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEEA7B000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xEE4BF000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF78EF000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF76AF000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xEEABB000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEEA9B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF53CE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xED9D5000 C:\WINDOWS\system32\drivers\OAnet.sys 36864 bytes (Emsisoft, OA Helper Driver)
0xEEA6B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xEF339000 C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 32768 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xF79E7000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF1A45000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF1A3D000 C:\WINDOWS\system32\drivers\OAmon.sys 32768 bytes (Emsisoft, TDI Helper Driver)
0xF15BE000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF79EF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF1A5D000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF792F000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF79DF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF0C72000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF79F7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A5F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF1A35000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF1A55000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF1A25000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 20480 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF1A6D000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF1A4D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7937000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A4F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7A57000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF2767000 C:\WINDOWS\System32\DRIVERS\Scap.sys 20480 bytes (Check Point Software Technologies, -)
0xF79FF000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xEE40D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF56F0000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 16384 bytes (ALWIL Software, avast! TDI RDR Driver)
0xF0A53000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF14C2000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7B57000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF56EC000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xEEE72000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF74B9000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEE540000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7AC3000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF0A33000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEE550000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83B5B000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8EB6000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xEE53C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B53000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF1432000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7BE9000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7C41000 C:\WINDOWS\system32\Drivers\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xF7C21000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7C49000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7C1F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7BB1000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7C23000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7C3F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7C25000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BF3000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7C1B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7BAF000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D3F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D7B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEE5AD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C77000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x83B093B2 ?_empty_? 3150 bytes
==============================================
>Stealth
==============================================
0xF7618000 WARNING: suspicious driver modification [atapi.sys::0x83B093B2]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B74C, Type: Inline - RelativeJump 0x804E274C-->804E2737 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B760, Type: Inline - RelativeJump 0x804E2760-->804E2789 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B770, Type: Inline - RelativeJump 0x804E2770-->804E2728 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B77C, Type: Inline - RelativeJump 0x804E277C-->804E276F [ntoskrnl.exe]
ntoskrnl.exe+0x0000B78C, Type: Inline - RelativeJump 0x804E278C-->804E27D0 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7AC, Type: Inline - RelativeJump 0x804E27AC-->D2D1EB8C [unknown_code_page]
ntoskrnl.exe+0x0000B7B8, Type: Inline - RelativeJump 0x804E27B8-->804E274B [ntoskrnl.exe]
ntoskrnl.exe+0x0000B878, Type: Inline - RelativeJump 0x804E2878-->804E281C [ntoskrnl.exe]
ntoskrnl.exe+0x0000B884, Type: Inline - RelativeJump 0x804E2884-->804E28AC [ntoskrnl.exe]
ntoskrnl.exe+0x0000B89C, Type: Inline - RelativeJump 0x804E289C-->804E2887 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8A8, Type: Inline - RelativeJump 0x804E28A8-->804E28FF [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8CC, Type: Inline - RelativeJump 0x804E28CC-->804E2897 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8EC, Type: Inline - RelativeJump 0x804E28EC-->804E287C [ntoskrnl.exe]
ntoskrnl.exe+0x0000B96C, Type: Inline - RelativeJump 0x804E296C-->804E291D [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9C4, Type: Inline - RelativeJump 0x804E29C4-->804E296B [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9D8, Type: Inline - RelativeJump 0x804E29D8-->804E2A09 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9F0, Type: Inline - RelativeJump 0x804E29F0-->804E2993 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B9FC, Type: Inline - RelativeJump 0x804E29FC-->804E2A5B [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA68, Type: Inline - RelativeJump 0x804E2A68-->804E2A18 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA84, Type: Inline - RelativeCall 0x804E2A84-->E4341616 [unknown_code_page]
ntoskrnl.exe+0x0000BA8C, Type: Inline - RelativeJump 0x804E2A8C-->804E2A15 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BA9C, Type: Inline - RelativeJump 0x804E2A9C-->804E2AD5 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BAAC, Type: Inline - RelativeJump 0x804E2AAC-->804E2B2E [ntoskrnl.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xEBACF0A8-->ED9D8300 [OAnet.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xEBACF0D4-->ED9D8360 [OAnet.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEBACF0E0-->ED9D8610 [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xEEA70B4C-->ED9D8300 [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xEEA70B1C-->ED9D8650 [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xEEA70B3C-->ED9D8360 [OAnet.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xEEA70B28-->ED9D8610 [OAnet.sys]
[1284]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[1284]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[1284]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[1284]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[1284]ctfmon.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[1452]oahlp.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x7E42DFA8-->00000000 [unknown_code_page]
[1452]oahlp.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x7E419E36-->00000000 [unknown_code_page]
[1468]oaui.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x7E42DFA8-->00000000 [unknown_code_page]
[1468]oaui.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x7E419E36-->00000000 [unknown_code_page]
[1560]oasrv.exe-->user32.dll-->LoadStringA, Type: Inline - DirectJump 0x7E42DFA8-->00000000 [unknown_code_page]
[1560]oasrv.exe-->user32.dll-->LoadStringW, Type: Inline - DirectJump 0x7E419E36-->00000000 [unknown_code_page]
[2044]TSVNCache.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[2044]TSVNCache.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[2044]TSVNCache.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[2044]TSVNCache.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[2044]TSVNCache.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[2308]dlbkbmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[2308]dlbkbmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[2308]dlbkbmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[2308]dlbkbmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[2308]dlbkbmon.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[2820]firefox.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[2820]firefox.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[2820]firefox.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2820]firefox.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2820]firefox.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2820]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2820]firefox.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2820]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2820]firefox.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3040]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3040]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3040]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[3040]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[3040]GoogleToolbarNotifier.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3444]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3444]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3444]jusched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[3444]jusched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[3444]jusched.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3516]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3516]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3516]PCMService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[3516]PCMService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[3516]PCMService.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3864]dlbkbmgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3864]dlbkbmgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3864]dlbkbmgr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[3864]dlbkbmgr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[3864]dlbkbmgr.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3940]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3940]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3940]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3940]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3940]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3940]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3940]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3940]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3940]explorer.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3960]taskmgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[3960]taskmgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[3960]taskmgr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[3960]taskmgr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[3960]taskmgr.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[3968]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3968]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3968]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3968]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3968]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3968]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3968]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E41BD76-->00000000 [unknown_code_page]
[4088]ashDisp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - DirectJump 0x77E370B9-->00000000 [unknown_code_page]
[4088]ashDisp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - DirectJump 0x77E37251-->00000000 [unknown_code_page]
[4088]ashDisp.exe-->kernel32.dll-->CreateProcessA, Type: Inline - DirectJump 0x7C802367-->00000000 [unknown_code_page]
[4088]ashDisp.exe-->kernel32.dll-->CreateProcessW, Type: Inline - DirectJump 0x7C802332-->00000000 [unknown_code_page]
[4088]ashDisp.exe-->user32.dll-->ExitWindowsEx, Type: Inline - DirectJump 0x7E45A045-->00000000 [unknown_code_page]
[752]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[752]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)