
Avast error 10050/No internet/no win defender

Discussion in 'Virus & Other Malware Removal' started by Charlie2688, Dec 16, 2011.

Thread Status:
Not open for further replies.
  1. Charlie2688

    Hi!

    A few days ago I had an Avast alert blocking some rootkit. The next day I found out I had no internet, no firewall, no Windows Defender, and Avast displaying Error 10050.

    I’ve run a series of cleaning programs (Avira AntiVir Rescue, RKill, TDSSKiller, SUPERAntiSpyware and Malwarebytes Anti-Malware) and have deleted several infected files.

    Now that it seems I might be clean (still not 110% sure), I still have the problem of having no internet, no Windows Defender (error 0x80070424), and Avast with error 10050, but apparently I was able to fix Windows Firewall (which according to other forums was originally deleted) and it now seems "fine".

    As a reference, I seem to have a very similar problem to this other user:

    http://forums.techguy.org/virus-other-malware-removal/1030181-avast-error-10050-a.html

    Help!
     
  2. Charlie2688

    --------------------------------------Hijackthis report-------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:59:57, on 16/12/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAP\DAP.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\System32\RunDll32.exe
    C:\Users\Charlie\Desktop\Scanners\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.kodak.com:81/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
    O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Servicio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servicio de Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    --
    End of file - 25491 bytes



    --------------------------------------------DDS report-------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Charlie at 14:06:15 on 2011-12-16
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.34.3082.18.3579.2531 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAP\DAP.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\nlssrv32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\RunDll32.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.ec/
    uURLSearchHooks: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\program files\messenger_plus\prxtbMess.dll
    mURLSearchHooks: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\program files\messenger_plus\prxtbMess.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\program files\messenger_plus\prxtbMess.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Messenger Plus Toolbar: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - c:\program files\messenger_plus\prxtbMess.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [AdobeBridge]
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [snpstd3] c:\windows\vsnpstd3.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.10.1
    TCP: Interfaces\{5E367C39-F3F0-456F-A052-C9B1981CBD6E} : DhcpNameServer = 200.63.212.110 200.25.144.1
    TCP: Interfaces\{B760247C-3CDA-41B8-9A17-C17AA40707CD} : DhcpNameServer = 192.168.10.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-17 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-16 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-16 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-12-4 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-15 366152]
    R2 NAUpdate;Actualización de Nero;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-4-1 66560]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-15 22216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-10-26 139880]
    R3 RTL8167;Controlador NT de Realtek 8167;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Servicio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-1-14 8192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2010-12-8 128928]
    S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    .
    =============== Created Last 30 ================
    .
    2011-12-16 18:54:32 -------- d-----w- c:\users\charlie\appdata\local\{3F32EFCE-3072-4E0F-8E9E-4E6F7073EF0A}
    2011-12-16 18:49:08 -------- d-----w- c:\users\charlie\appdata\local\{0CC17921-0DF3-4082-8E44-8F79525422F8}
    2011-12-16 17:00:21 -------- d-----w- c:\users\charlie\appdata\local\{55BB8D5B-447C-4753-A048-F6DF0313B561}
    2011-12-16 05:42:29 -------- d-----w- c:\users\charlie\appdata\local\{2E633018-FAE0-493E-8D67-10C5EFC7F7BE}
    2011-12-16 05:21:03 -------- d-----w- c:\users\charlie\appdata\local\{B4C8AAD1-5239-4862-B49A-EE68601F8F56}
    2011-12-16 03:33:51 -------- d-----w- c:\users\charlie\appdata\local\{9C795F19-B5C7-4226-90E5-EE202AADC255}
    2011-12-16 03:14:17 -------- d-----w- c:\users\charlie\appdata\local\{18EC28D4-1442-4A72-B1BB-7C90F0A09B4C}
    2011-12-16 03:12:22 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-12-16 02:51:00 -------- d-----w- c:\users\charlie\appdata\local\{E1A00AE6-1588-48AF-9A3C-D064B301FA55}
    2011-12-16 02:40:24 -------- d-----w- c:\users\charlie\appdata\local\{0E6CBED5-88B7-4129-8A81-A2E43E93B893}
    2011-12-15 21:29:42 -------- d-----w- c:\users\charlie\appdata\local\{F3C2CCF4-2ACE-479A-BC66-83BFCAFBA873}
    2011-12-15 17:27:50 -------- d-----w- c:\users\charlie\appdata\local\{91753B8E-6361-4CA4-91DC-B8E9143808BC}
    2011-12-15 16:01:08 -------- d-----w- c:\users\charlie\appdata\local\{99897BC3-0769-40B0-B747-5544ADD1957F}
    2011-12-15 08:44:46 -------- d-----w- c:\users\charlie\appdata\local\{663C20CF-C483-4FFE-973B-5C9A4698CEBB}
    2011-12-15 08:30:30 -------- d-----w- c:\users\charlie\appdata\roaming\Malwarebytes
    2011-12-15 08:30:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-15 08:30:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-15 08:30:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-15 08:27:43 -------- d-----w- c:\users\charlie\appdata\local\{CA555153-E13C-457F-A5AB-D9B9C110BCE4}
    2011-12-15 02:26:59 -------- d-----w- c:\users\charlie\appdata\roaming\SUPERAntiSpyware.com
    2011-12-15 02:26:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-12-15 02:26:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-12-15 02:24:21 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-12-14 20:27:36 -------- d-----w- c:\users\charlie\appdata\local\{5BFACE61-C29D-4DCA-A0F6-CFED4DCE8FEA}
    2011-12-14 05:38:18 -------- d-----w- c:\users\charlie\appdata\local\{AA3C3676-D22C-415C-BF94-B7C750830342}
    2011-12-13 17:37:33 -------- d-----w- c:\users\charlie\appdata\local\{526C31CE-A48A-4C2F-9B90-6277619AEC12}
    2011-12-13 17:37:02 -------- d-----w- c:\users\charlie\appdata\local\{D908DF18-A1CB-4586-B8DC-10419040C71A}
    2011-12-13 05:36:14 -------- d-----w- c:\users\charlie\appdata\local\{B18BF51B-6ECC-47F7-B592-FFCB79BF3469}
    2011-12-12 17:35:08 -------- d-----w- c:\users\charlie\appdata\local\{354D5154-2FC1-41FB-AD7C-5B5721E9F7E5}
    2011-12-12 17:34:38 -------- d-----w- c:\users\charlie\appdata\local\{F75324B5-3EDE-40CF-8389-C422F5DB8FDD}
    2011-12-12 05:33:53 -------- d-----w- c:\users\charlie\appdata\local\{661D22C4-1EF8-4A5E-8D7D-CEDF99D746BA}
    2011-12-11 17:32:40 -------- d-----w- c:\users\charlie\appdata\local\{F5F6A709-66E4-4550-896D-D7AD0429FDDA}
    2011-12-11 17:32:10 -------- d-----w- c:\users\charlie\appdata\local\{B328A256-7C0F-4B77-8B73-18B126001216}
    2011-12-11 05:31:26 -------- d-----w- c:\users\charlie\appdata\local\{7B66C23D-E3CA-41DD-9362-F00540386883}
    2011-12-11 05:30:56 -------- d-----w- c:\users\charlie\appdata\local\{9CAE5A52-7080-4ECB-9BBD-B4E06EA6541B}
    2011-12-10 17:30:11 -------- d-----w- c:\users\charlie\appdata\local\{DF7770AD-D2D1-416E-B880-E5CEFA2FF777}
    2011-12-10 17:29:41 -------- d-----w- c:\users\charlie\appdata\local\{A6936083-DCF0-4CE7-8772-C71F2FF5B6BD}
    2011-12-10 05:28:57 -------- d-----w- c:\users\charlie\appdata\local\{E3B874A4-074D-41A5-BF18-C676A1ED5079}
    2011-12-10 05:28:27 -------- d-----w- c:\users\charlie\appdata\local\{7A592B26-6EF3-43A1-A72C-86E4DFAB8EBB}
    2011-12-09 17:27:42 -------- d-----w- c:\users\charlie\appdata\local\{C1721517-6578-4BFE-A3B5-FACB715391BC}
    2011-12-09 17:27:13 -------- d-----w- c:\users\charlie\appdata\local\{D94DD713-B85D-41E7-AB5F-C24442A00C90}
    2011-12-09 05:26:29 -------- d-----w- c:\users\charlie\appdata\local\{EAA70D38-5E0F-4B2B-8691-5E47326525E9}
    2011-12-09 05:25:58 -------- d-----w- c:\users\charlie\appdata\local\{C0EBB327-26E1-4759-B1B0-868FC6FCF77E}
    2011-12-08 17:25:13 -------- d-----w- c:\users\charlie\appdata\local\{CEA2047A-C764-44DF-988F-449B6217D9C7}
    2011-12-08 17:24:31 -------- d-----w- c:\users\charlie\appdata\local\{84F8CC64-3DF8-4F4E-A95F-7BB97D3E92B6}
    2011-12-07 22:01:22 -------- d-----w- c:\users\charlie\appdata\local\{6F9BE68F-3E0C-45D1-A947-6B243434B11B}
    2011-12-07 22:00:44 -------- d-----w- c:\users\charlie\appdata\local\{6C4F718B-D283-4286-89E1-0EE3B574597C}
    2011-12-07 15:33:48 -------- d-----w- c:\users\charlie\appdata\local\{40D68EFE-21C7-4947-986A-975EE9D2699C}
    2011-12-07 15:32:51 -------- d-----w- c:\users\charlie\appdata\local\{2FA98E7A-2367-40F0-8AE5-7FB9950BF245}
    2011-12-06 17:33:46 -------- d-----w- c:\users\charlie\appdata\local\{12B7C19F-7848-4E57-A395-776B64AA40B0}
    2011-12-06 17:33:03 -------- d-----w- c:\users\charlie\appdata\local\{C60F39EE-2B08-4DD5-9488-1E1B22EA3921}
    2011-12-06 03:48:30 -------- d-----w- c:\users\charlie\appdata\local\{BA2625DE-33A4-41BF-8014-C9F8A4D423FC}
    2011-12-05 15:47:14 -------- d-----w- c:\users\charlie\appdata\local\{0F978362-C254-476E-8DEF-923A1749A758}
    2011-12-05 15:46:23 -------- d-----w- c:\users\charlie\appdata\local\{ECDDB1F4-6597-4AC9-B400-3F953AD9530B}
    2011-12-04 16:11:41 -------- d-----w- c:\users\charlie\appdata\local\{2FF44CB4-1E23-4885-B618-5F5E544DF348}
    2011-12-04 16:11:07 -------- d-----w- c:\users\charlie\appdata\local\{3D4D57DC-D3ED-44D4-BD3C-AAF7D4C45027}
    2011-12-04 03:39:55 -------- d-----w- c:\users\charlie\appdata\local\{3FF58705-1823-4EC7-BE9F-C8C44622F73E}
    2011-12-03 21:52:37 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
    2011-12-03 21:52:36 -------- d-----w- c:\program files\AMD
    2011-12-03 21:52:29 -------- d-----w- c:\users\charlie\appdata\local\Downloaded Installations
    2011-12-03 15:38:53 -------- d-----w- c:\users\charlie\appdata\local\{5DAA5242-356F-4C80-B8AF-2E85E078F7D7}
    2011-12-03 03:37:39 -------- d-----w- c:\users\charlie\appdata\local\{A7A6DD77-981D-4BC4-A269-F25DA44F1E85}
    2011-12-02 15:36:23 -------- d-----w- c:\users\charlie\appdata\local\{55C94099-3081-46B5-B70E-696138855C1B}
    2011-12-02 15:35:52 -------- d-----w- c:\users\charlie\appdata\local\{2B1C1EC2-93C6-4A0D-A18E-E04D98C56679}
    2011-12-02 03:03:57 -------- d-----w- c:\users\charlie\appdata\local\{2764DAB4-F89E-4839-8714-FFCAB40C1ECB}
    2011-12-02 03:03:26 -------- d-----w- c:\users\charlie\appdata\local\{65626B6E-DD11-41E6-B1C4-F6E403E63940}
    2011-12-01 04:37:22 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{29c71f10-6827-4df6-bdc1-a25c38f6eb7b}\mpengine.dll
    2011-12-01 02:49:41 -------- d-----w- c:\users\charlie\appdata\local\{7C13372C-55AD-4424-95FB-28AC135FFECD}
    2011-12-01 01:59:26 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2011-11-30 22:38:37 -------- d-----w- c:\program files\Research In Motion Limited
    2011-11-30 14:48:37 -------- d-----w- c:\users\charlie\appdata\local\{A117CFC3-614E-43D0-9691-2E8C0D0AF414}
    2011-11-30 02:47:23 -------- d-----w- c:\users\charlie\appdata\local\{292DF325-EE98-49CD-86F3-B69F9E28C080}
    2011-11-30 02:46:53 -------- d-----w- c:\users\charlie\appdata\local\{1D34CDAB-532F-455D-B1E2-3F69FEC523C0}
    2011-11-29 02:39:25 -------- d-----w- c:\users\charlie\appdata\local\{AEB9ABEA-67E8-4CD7-A154-694B6A7A5070}
    2011-11-29 02:38:56 -------- d-----w- c:\users\charlie\appdata\local\{6F235AEC-C3EE-4709-8BA7-F53878B1A9FC}
    2011-11-28 05:08:34 -------- d-----w- c:\users\charlie\appdata\local\{9D91A30C-A151-46E4-9C9B-48B60091CBDB}
    2011-11-27 17:07:17 -------- d-----w- c:\users\charlie\appdata\local\{164B0BA0-4843-4116-94FF-C4E56A4B9CB5}
    2011-11-27 17:06:40 -------- d-----w- c:\users\charlie\appdata\local\{E9F14EB1-2EA8-4964-8ABE-318DE1A936F4}
    2011-11-27 03:55:14 -------- d-----w- c:\users\charlie\appdata\local\{7C884973-F795-4ECF-88F5-5DFFA1595AD7}
    2011-11-26 15:53:56 -------- d-----w- c:\users\charlie\appdata\local\{4F69A0B3-E119-4F5D-AF2E-188186C98283}
    2011-11-26 15:53:26 -------- d-----w- c:\users\charlie\appdata\local\{6B1854B1-D3F7-4D8D-9133-4ED9F2E9914D}
    2011-11-26 01:09:28 -------- d-----w- c:\users\charlie\appdata\local\{F36CF5B6-CEC3-4324-8D79-ADACACF5F0DC}
    2011-11-26 01:08:58 -------- d-----w- c:\users\charlie\appdata\local\{9556645D-BE5B-438A-99C8-8C679C33A5AE}
    2011-11-25 02:37:46 -------- d-----w- c:\users\charlie\appdata\local\{425A9736-ADF2-4AAF-9767-1E46C60792B1}
    2011-11-25 02:37:15 -------- d-----w- c:\users\charlie\appdata\local\{4C834E31-942B-4276-B0D1-B678DF13EFFA}
    2011-11-24 12:44:27 -------- d-----w- c:\users\charlie\appdata\local\{5C55918E-BEC6-45DE-A29E-4BC780BC9E59}
    2011-11-24 12:43:53 -------- d-----w- c:\users\charlie\appdata\local\{BA84076E-46D8-4314-8334-85773CAB57B9}
    2011-11-23 15:22:39 -------- d-----w- c:\users\charlie\appdata\local\{B7C9B658-CB16-49B1-8EC8-5714DC0C8B96}
    2011-11-23 15:22:09 -------- d-----w- c:\users\charlie\appdata\local\{FBB1F5DC-38C1-4318-9EA0-569A27D9F935}
    2011-11-23 02:52:15 -------- d-----w- c:\users\charlie\appdata\local\{A1D7924B-812E-4BB8-9BEB-3EDDEFCF787D}
    2011-11-23 02:51:33 -------- d-----w- c:\users\charlie\appdata\local\{31984F85-16DA-4B08-9A6A-5BCCAC41D4EA}
    2011-11-22 12:46:12 -------- d-----w- c:\users\charlie\appdata\local\{8FB6217C-B9F3-47BB-9F17-9BCDE5B7202D}
    2011-11-22 12:45:27 -------- d-----w- c:\users\charlie\appdata\local\{88E1281F-4BE3-4D75-9646-4033C020232E}
    2011-11-21 22:23:07 -------- d-----w- c:\users\charlie\appdata\local\{4CA09AE8-021E-4441-9208-0A67E6555C4E}
    2011-11-21 22:22:27 -------- d-----w- c:\users\charlie\appdata\local\{DE4CDB70-82AE-4E4F-B536-20C4AF0DA8F0}
    2011-11-21 05:10:49 -------- d-----w- c:\users\charlie\appdata\local\{65E5A58A-BB8E-42D8-8E93-602961415454}
    2011-11-20 17:09:27 -------- d-----w- c:\users\charlie\appdata\local\{D73FA503-C336-4049-9F14-D31FC2693D24}
    2011-11-20 17:08:30 -------- d-----w- c:\users\charlie\appdata\local\{62CDE7F3-B5FD-4974-B10D-EE1D575B7724}
    2011-11-19 16:46:56 -------- d-----w- c:\users\charlie\appdata\local\{4FAFB8AA-7FA3-43B0-B1B8-DDCC98A84134}
    2011-11-19 16:46:17 -------- d-----w- c:\users\charlie\appdata\local\{20CE3397-B6C0-45AD-9B21-C8D8AFEC13E7}
    2011-11-19 00:34:43 -------- d-----w- c:\users\charlie\appdata\local\{B74B6E53-2A10-4585-806A-B2653459ED6F}
    2011-11-19 00:34:02 -------- d-----w- c:\users\charlie\appdata\local\{45284CC9-BF51-4CFE-B362-E5CD310B104B}
    2011-11-18 02:38:25 -------- d-----w- c:\users\charlie\appdata\local\{89962FA9-1FEE-47A4-9D02-427F4527BAF8}
    2011-11-18 02:37:53 -------- d-----w- c:\users\charlie\appdata\local\{F3CA3E2F-5AB9-4C90-8BF1-D38EE16917CB}
    2011-11-17 03:29:00 -------- d-----w- c:\users\charlie\appdata\local\{A26E8DFE-3EB0-479C-9229-025A5D9AED68}
    2011-11-17 03:28:31 -------- d-----w- c:\users\charlie\appdata\local\{8336D595-150E-4486-9C92-B26985B6AEF7}
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-18 02:54:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-26 22:25:22 154464376 ----a-w- c:\users\charlie\285.62-desktop-win7-winvista-32bit-international-whql.exe
    2011-10-15 05:54:52 321856 ----a-w- c:\windows\system32\nvStreaming.exe
    2011-10-08 18:29:22 84480 ----a-w- c:\windows\system32\EasyHook32.dll
    2011-10-08 18:29:22 109216 ----a-w- c:\windows\system32\EasyHook64.dll
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 04:20:25 2339840 ----a-w- c:\windows\system32\win32k.sys
    2011-09-22 02:29:32 0 ----a-w- c:\windows\DXTBA48.tmp
    2011-09-22 02:29:32 0 ----a-w- c:\windows\DXTBA27.tmp
    2011-09-22 02:29:32 0 ----a-w- c:\windows\DXTB9F8.tmp
    .
    ============= FINISH: 14:06:41,55 ===============

    -------------------------------------------GMER report-------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-16 14:50:14
    Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-b WDC_WD1001FALS-00E8B0 rev.05.00K05
    Running: qmkcbubr.exe; Driver: C:\Users\Charlie\AppData\Local\Temp\afdyypod.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91C4CFC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x926AB510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91C4F456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91C4F4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91C4F5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91C4F3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x91C4F4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91C4F400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91C4F572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91C4CFE8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x926AB5C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x91C4CDB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91C4D00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91C4F9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91C4DAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91C4F486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91C4F4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91C4F5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91C4F3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91C4F53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91C4F42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91C4F59C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x926AB658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91C4D96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91C4D030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91C4D054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91C4CE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91C4CF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91C4CF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91C4CF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91C4D078]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x926BF7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83282539 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832A7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 224 832AE884 4 Bytes [C4, CF, C4, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 24C 832AE8AC 4 Bytes [10, B5, 6A, 92]
    .text ntkrnlpa.exe!RtlSidHashLookup + 300 832AE960 8 Bytes [56, F4, C4, 91, AE, F4, C4, ...] {PUSH ESI; HLT ; LES EDX, DWORD [ECX-0x6e3b0b52]}
    .text ntkrnlpa.exe!RtlSidHashLookup + 30C 832AE96C 4 Bytes [C4, F5, C4, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 328 832AE988 4 Bytes [AC, F3, C4, 91]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83448342 5 Bytes JMP 926BC69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 83462055 5 Bytes JMP 926BE174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 834AC65A 4 Bytes CALL 91C4E025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 834B4734 4 Bytes CALL 91C4E03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 8351A3C8 7 Bytes JMP 926BF7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\Drivers\spbp.sys El sistema no puede encontrar la ruta especificada. !
    .text USBPORT.SYS!DllUnload 93C48CA0 5 Bytes JMP 876631D8
    ? C:\Users\Charlie\AppData\Local\Temp\mbr.sys El sistema no puede encontrar el archivo especificado. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Windows\system32\Dwm.exe[484] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\Dwm.exe[484] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\Dwm.exe[484] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[484] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00130A08
    .text C:\Windows\system32\Dwm.exe[484] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001303FC
    .text C:\Windows\system32\Dwm.exe[484] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00130804
    .text C:\Windows\system32\Dwm.exe[484] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001301F8
    .text C:\Windows\system32\Dwm.exe[484] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00130600
    .text C:\Windows\Explorer.EXE[504] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\Explorer.EXE[504] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\Explorer.EXE[504] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\Explorer.EXE[504] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00150A08
    .text C:\Windows\Explorer.EXE[504] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001503FC
    .text C:\Windows\Explorer.EXE[504] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00150804
    .text C:\Windows\Explorer.EXE[504] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001501F8
    .text C:\Windows\Explorer.EXE[504] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00150600
    .text C:\Windows\system32\csrss.exe[536] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\vsnpstd3.exe[596] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001503FC
    .text C:\Windows\vsnpstd3.exe[596] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001501F8
    .text C:\Windows\vsnpstd3.exe[596] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\vsnpstd3.exe[596] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 002E0A08
    .text C:\Windows\vsnpstd3.exe[596] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 002E03FC
    .text C:\Windows\vsnpstd3.exe[596] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 002E0804
    .text C:\Windows\vsnpstd3.exe[596] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 002E01F8
    .text C:\Windows\vsnpstd3.exe[596] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 002E0600
    .text C:\Windows\system32\csrss.exe[604] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[612] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 000C0A08
    .text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000C03FC
    .text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 000C0804
    .text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000C01F8
    .text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 000C0600
    .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\services.exe[684] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[692] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[692] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[692] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[692] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00100A08
    .text C:\Windows\system32\winlogon.exe[692] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001003FC
    .text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00100804
    .text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001001F8
    .text C:\Windows\system32\winlogon.exe[692] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00100600
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 000F0A08
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000F03FC
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 000F0804
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000F01F8
    .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[720] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 000F0600
    .text C:\Windows\system32\lsass.exe[728] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsass.exe[728] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsass.exe[728] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsm.exe[740] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[920] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\nvvsvc.exe[920] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\nvvsvc.exe[920] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[920] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\nvvsvc.exe[920] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\nvvsvc.exe[920] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 000F0804
    .text C:\Windows\system32\nvvsvc.exe[920] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\nvvsvc.exe[920] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 000F0600
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001503FC
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001501F8
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[944] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00220A08
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 002203FC
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00220804
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 002201F8
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[1064] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00220600
    .text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00190A08
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001903FC
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00190804
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001901F8
    .text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00190600
    .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00380A08
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 003803FC
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00380804
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 003801F8
    .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00380600
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00310A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 003103FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00310804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 003101F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1176] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00310600
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00300A08
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 003003FC
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00300804
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 003001F8
    .text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[1236] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00300600
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00440A08
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 004403FC
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00440804
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 004401F8
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00440600
    .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1404] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1404] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 76D530E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1480] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1556] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Windows\system32\nvvsvc.exe[1568] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\nvvsvc.exe[1568] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\nvvsvc.exe[1568] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\nvvsvc.exe[1568] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Windows\system32\nvvsvc.exe[1568] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Windows\system32\nvvsvc.exe[1568] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Windows\system32\nvvsvc.exe[1568] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Windows\system32\nvvsvc.exe[1568] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[1812] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00180A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001803FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00180804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001801F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1816] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00180600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00110A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001103FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00110804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001101F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[1988] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00110600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 004903FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 004901F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!LockResource 76D43478 5 Bytes JMP 280A75A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!FindResourceW 76D4924F 5 Bytes JMP 280A7260 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!SizeofResource 76D4926D 5 Bytes JMP 280A7530 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!FindResourceExW 76D4A80F 5 Bytes JMP 280A72E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!LoadResource 76D4D338 5 Bytes JMP 280A7480 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!FindResourceExA 76D4D435 7 Bytes JMP 280A73F0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!FindResourceA 76D4D4FD 5 Bytes JMP 280A7360 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!CreateEventW 76D505B3 5 Bytes JMP 280A6E40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ADVAPI32.dll!CryptDecrypt 75E92140 5 Bytes JMP 280A6600 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ADVAPI32.dll!CryptDeriveKey 75E92150 5 Bytes JMP 280A65A0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!SetWindowPlacement 76DE8169 5 Bytes JMP 280ACFF0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!CreateDialogParamW 76DE9BFF 5 Bytes JMP 280AD140 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!SetWindowRgn 76DEB29A 7 Bytes JMP 280AD090 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 005F0A08
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 005F03FC
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!CreateWindowExW 76DF0E51 5 Bytes JMP 280A8EA0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!LoadIconW 76DF1431 5 Bytes JMP 280AD910 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 005F0804
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!LoadImageW 76DF2323 5 Bytes JMP 280AD790 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 005F01F8
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!GetWindowLongW 76DF83A9 7 Bytes JMP 280ADA40 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!PeekMessageW 76DF91B5 5 Bytes JMP 280A9C20 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!TrackPopupMenuEx 76E15F72 5 Bytes JMP 280AA340 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 005F0600
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] USER32.dll!MessageBoxIndirectW 76E3E9C3 5 Bytes JMP 280AD370 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] SHELL32.dll!Shell_NotifyIconW 760CFBE1 5 Bytes JMP 280A8290 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ole32.dll!CoRegisterClassObject 76EC121D 5 Bytes JMP 280A7900 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ole32.dll!CoInitializeEx 76EF08CC 5 Bytes JMP 280A7800 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] ole32.dll!CoCreateInstance 76F0590C 5 Bytes JMP 280A7B80 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] WININET.dll!InternetCloseHandle 75EFB7C4 5 Bytes JMP 280B4110 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] WININET.dll!InternetReadFile 75EFEA3A 2 Bytes JMP 280B3FD0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] WININET.dll!InternetReadFile + 3 75EFEA3D 2 Bytes [1B, B2]
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] WININET.dll!HttpOpenRequestA 75F25539 5 Bytes JMP 280B3E70 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2008] WININET.dll!HttpSendRequestA 75F55768 5 Bytes JMP 280B4070 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00580A08
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 005803FC
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00580804
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 005801F8
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2052] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00580600
    .text C:\Program Files\DAP\DAP.exe[2120] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\DAP\DAP.exe[2120] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\DAP\DAP.exe[2120] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\DAP\DAP.exe[2120] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\DAP\DAP.exe[2120] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\DAP\DAP.exe[2120] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\DAP\DAP.exe[2120] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\DAP\DAP.exe[2120] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 000F0A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000F03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 000F0804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000F01F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2128] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 000F0600
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2288] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Users\Charlie\Desktop\Scanners\GMER\qmkcbubr.exe[2456] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000503FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000501F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00080A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000803FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00080804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000801F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00080600
    .text C:\Windows\System32\RunDll32.exe[2556] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000803FC
    .text C:\Windows\System32\RunDll32.exe[2556] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000801F8
    .text C:\Windows\System32\RunDll32.exe[2556] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\System32\RunDll32.exe[2556] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00110A08
    .text C:\Windows\System32\RunDll32.exe[2556] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001103FC
    .text C:\Windows\System32\RunDll32.exe[2556] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00110804
    .text C:\Windows\System32\RunDll32.exe[2556] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001101F8
    .text C:\Windows\System32\RunDll32.exe[2556] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00110600
    .text C:\Windows\system32\svchost.exe[2576] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2576] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2576] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00150A08
    .text C:\Windows\system32\svchost.exe[2576] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001503FC
    .text C:\Windows\system32\svchost.exe[2576] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00150804
    .text C:\Windows\system32\svchost.exe[2576] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001501F8
    .text C:\Windows\system32\svchost.exe[2576] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00150600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001F03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 001F0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[2640] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00200A08
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 002003FC
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00200804
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 002001F8
    .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2680] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00200600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2704] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00090600
    .text C:\Windows\System32\svchost.exe[2776] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2776] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2776] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\nlssrv32.exe[2808] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001603FC
    .text C:\Windows\system32\nlssrv32.exe[2808] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001601F8
    .text C:\Windows\system32\nlssrv32.exe[2808] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2840] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2840] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2840] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2896] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2896] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000A03FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000A01F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00140A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00140804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2980] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00140600
    .text C:\Windows\system32\AUDIODG.EXE[3084] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3088] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[3088] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[3088] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 001003FC
    .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00100600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00090A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00090804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3096] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00090600
    .text C:\Windows\system32\svchost.exe[3140] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[3140] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[3140] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 001703FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 001701F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00210A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 002103FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00210804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 002101F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3492] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00210600
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] ntdll.dll!LdrUnloadDll 7711BEAF 5 Bytes JMP 000703FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] ntdll.dll!LdrLoadDll 7711F5B5 5 Bytes JMP 000701F8
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] kernel32.dll!GetBinaryTypeW + 70 76D678FC 1 Byte [62]
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] USER32.dll!UnhookWindowsHookEx 76DECC7B 5 Bytes JMP 00090A08
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] USER32.dll!UnhookWinEvent 76DED924 5 Bytes JMP 000903FC
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] USER32.dll!SetWindowsHookExW 76DF210A 5 Bytes JMP 00090804
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] USER32.dll!SetWinEventHook 76DF507E 5 Bytes JMP 000901F8
    .text C:\Program Files\Nero\Update\NASvc.exe[3848] USER32.dll!SetWindowsHookExA 76E16DFA 5 Bytes JMP 00090600
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\Ntfs \Ntfs 85CFF1F8
    Device \FileSystem\fastfat \FatCdrom 8863B1F8
    Device \Driver\volmgr \Device\VolMgrControl 85CFB1F8
    Device \Driver\usbuhci \Device\USBPDO-0 877C61F8
    Device \Driver\usbuhci \Device\USBPDO-1 877C61F8
    Device \Driver\usbuhci \Device\USBPDO-2 877C61F8
    Device \Driver\usbehci \Device\USBPDO-3 8768B500
    Device \Driver\usbuhci \Device\USBPDO-4 877C61F8
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    Device \Driver\usbuhci \Device\USBPDO-5 877C61F8
    Device \Driver\usbuhci \Device\USBPDO-6 877C61F8
    Device \Driver\volmgr \Device\HarddiskVolume1 85CFB1F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBPDO-7 877C61F8
    Device \Driver\volmgr \Device\HarddiskVolume2 85CFB1F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    Device \Driver\cdrom \Device\CdRom0 874F11F8
    Device \Driver\usbehci \Device\USBPDO-8 8768B500
    Device \Driver\volmgr \Device\HarddiskVolume3 85CFB1F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort2 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort3 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort4 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort5 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort6 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdePort7 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T1L0-b 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5 85CFD1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6 85CFD1F8
    Device \Driver\volmgr \Device\HarddiskVolume4 85CFB1F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B760247C-3CDA-41B8-9A17-C17AA40707CD} 875AB1F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 875AB1F8
    Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    Device \Driver\usbuhci \Device\USBFDO-0 877C61F8
    Device \Driver\usbuhci \Device\USBFDO-1 877C61F8
    Device \Driver\usbuhci \Device\USBFDO-2 877C61F8
    Device \Driver\usbehci \Device\USBFDO-3 8768B500
    Device \Driver\usbuhci \Device\USBFDO-4 877C61F8
    Device \Driver\usbuhci \Device\USBFDO-5 877C61F8
    Device \Driver\usbuhci \Device\USBFDO-6 877C61F8
    Device \Driver\usbuhci \Device\USBFDO-7 877C61F8
    Device \Driver\usbehci \Device\USBFDO-8 8768B500
    Device \FileSystem\fastfat \Fat 8863B1F8
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Administrador de filtros del sistema de archivos de Microsoft/Microsoft Corporation)
    Device \FileSystem\cdfs \Cdfs 8864C500
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272016581
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x38 0x92 0x0F 0xCC ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x6D 0x42 0x18 0x89 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272016581 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x38 0x92 0x0F 0xCC ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x6D 0x42 0x18 0x89 ...
    ---- Files - GMER 1.0.15 ----
    File C:\Windows\$NtUninstallKB24519$\3566177096 0 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\@ 2048 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\bckfg.tmp 850 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\cfg.ini 226 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\L 0 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\L\xadqgnnk 338944 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U 0 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 2048 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 224768 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 12800 bytes
    File C:\Windows\$NtUninstallKB24519$\3566177096\U\[email protected] 98304 bytes
    File C:\Windows\$NtUninstallKB24519$\3648774272 0 bytes
    ---- EOF - GMER 1.0.15 ----


    ----------------------------------------------------------------------------------------------

    Had to RAR the attachment since it wouldn't upload as a .txt
     

  3. Charlie2688

    Charlie2688 Thread Starter

    Joined:
    Dec 16, 2011
    Messages:
    3
    I just discovered that the malware also seems to have targeted the printer drivers.
     
Short URL to this thread: https://techguy.org/1031459
