
internet slowed down and comp freezing up...

Discussion in 'Virus & Other Malware Removal' started by ilaila, Jan 11, 2013.

Thread Status:
Not open for further replies.
  1. ilaila

    ilaila Thread Starter

    Hi there, I just lost the post that I wrote, so hopefully there are no repeats. Doesn't look like it so far.

    I'm on a lousy laptop but it runs fast enough for me usually - pretty fast. I use Firefox. Just a couple of weeks ago it suddenly started not loading the page for ages, so it stays on the original screen for ages. A few times it freezes up too. I'm trying to make sure it's not malware/viruses - and will also be trying to check that no one else is stealing the internet from a different flat.

    Here's the info
    hijack
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:23:28, on 11/01/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\dldtcoms.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\WTClient.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\All Users\Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [WTClient] WTClient.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [KORG USB-MIDI Driver] C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\RunOnce: [SymInstallStub] C:\Documents and Settings\All Users\Application Data\DivX\Symantec\SymInstallStub.exe /partnerid=divx /productlist=nss /staging=false /delay=5 /lang=English /desktopshortcut=1 /startmenushortcut=1 /tasktries=1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
    O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: completed.lnk = H:\desktop\completed.txt
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: ServiceLayer - Unknown owner - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

    --
    End of file - 7429 bytes


    dds
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.10.2
    Run by Owner at 19:19:30 on 2013-01-11
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.289 [GMT 0:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\dldtcoms.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\WTClient.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\KORG\KORG USB-MIDI Driver\EsHelper2.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = about:blank
    mWinlogon: SFCDisable = dword:-99
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
    uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
    uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [WTClient] WTClient.exe
    mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
    mRun: [snpstd3] c:\windows\vsnpstd3.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [KORG USB-MIDI Driver] c:\program files\korg\korg usb-midi driver\EsHelper2.exe /s
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRunOnce: [SymInstallStub] c:\documents and settings\all users\application data\divx\symantec\SymInstallStub.exe /partnerid=divx /productlist=nss /staging=false /delay=5 /lang=English /desktopshortcut=1 /startmenushortcut=1 /tasktries=1
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\comple~1.lnk - h:\desktop\completed.txt
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: ForceClassicControlPanel = dword:1
    mPolicies-Explorer: MaxRecentDocs = dword:18
    mPolicies-Explorer: NoSMConfigurePrograms = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoRecentDocsNetHood = dword:1
    mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{3174C620-E8B5-421C-931F-E8631E8A4551} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\
    FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\psoexwhp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: !HIDDEN! 2010-08-07 22:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2009-4-20 308248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-12 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 44808]
    R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-11-6 83168]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-2-4 9216]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-1-24 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-1-24 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-1-24 136808]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-11-6 181344]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-01-05 17:17:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
    2013-01-02 22:50:12 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
    2013-01-02 22:45:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-02 22:45:38 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-12-13 00:26:34 991744 ------w- c:\windows\system32\dllcache\kernel32.dll
    2012-12-13 00:26:25 375296 ------w- c:\windows\system32\dllcache\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 20:59:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 20:59:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-02 22:45:09 779704 ----a-w- c:\windows\system32\deployJava1.dll
    2012-12-16 12:31:02 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 11:20:36 1875456 ------w- c:\windows\system32\win32k.sys
    2012-11-02 02:02:42 375296 ------w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-26 08:11:10 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2012-10-26 08:11:06 773968 ----a-w- c:\windows\system32\msvcr100.dll
    2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 19:20:12.98 ===============


    attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/08/2010 19:29:03
    System Uptime: 11/01/2013 18:34:39 (1 hours ago)
    .
    Motherboard: Acer | | Acadia
    Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz | uPGA-478 | 1995/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 32 GiB total, 4.521 GiB free.
    D: is FIXED (NTFS) - 31 GiB total, 12.891 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Modem Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250136&REV_1000\4&2E584385&0&0102
    Manufacturer:
    Name: Modem Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2C06&SUBSYS_10250136&REV_1000\4&2E584385&0&0102
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acer Empowering Technology
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.5.0
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Alt-Tab Task Switcher Powertoy for Windows XP
    Amazing Slow Downer (remove only)
    Any Video Converter 3.1.7
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    CCleaner
    Connect
    DivX Setup
    Dorgem 2.1.0
    FormatFactory 3.0.1
    Google Chrome
    Google Update Helper
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    iSpy
    Java 7 Update 10
    Java Auto Updater
    KORG USB-MIDI Driver Tools for Windows
    kuler
    MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows Application Compatibility Database
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSI Star Cam 370i
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Open Command Prompt Shell Extension (x86-32)
    OpenOffice.org 3.3
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    QuickTime
    Realtek High Definition Audio Driver
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 5.10
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    VC80CRTRedist - 8.0.50727.6195
    Vegas Pro 9.0
    VLC media player 2.0.4
    WebFldrs XP
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR archiver
    Xvid Video Codec
    ZTE_1.2059.0.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    04/01/2013 14:50:29, error: Service Control Manager [7000] - The StarOpen service failed to start due to the following error: The system cannot find the file specified.
    04/01/2013 04:59:12, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).
    .
    ==== End Of File ===========================


    and ark

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-11 19:31:20
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB2O 74.53GB
    Running: 0olcmtg3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA97314BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA97DEC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA9731ED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9773811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA973CFA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA973CFF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA973D176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA97731C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA973CF16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA973D038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA973CF5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA973211C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA973D130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA973293E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9731508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9773ED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA977418D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA97361C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9773D42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9773BAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA97DECEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9731170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9731556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9736534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA97333A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA973CFD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA973D016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA973D19A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9773521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA973CF3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9735C3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA973D0BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA973CF86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9735F14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA973D154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA97DEE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9773A28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9733272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA977387A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA9732DD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA97EB7D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9772838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA97315A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA97315F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA97327BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA97311FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA97313AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9773FDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9731350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA9732AF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA9732C54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA973141A]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA98CD640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA9732636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA97DD41C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9731640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA9731F1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA97F7E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.0 ----

    .text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes [EA, EC, 7D, A9]
    .text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [A4, 15, 73, A9, F2, 15, 73, ...]
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [F8, 2A, 73, A9, 54, 2C, 73, ...] {CLC ; SUB DH, [EBX-0x57]; PUSH ESP; SUB AL, 0x73; TEST EAX, 0xa973141a}
    PAGE ntoskrnl.exe!ObInsertObject 8056513A 5 Bytes JMP A97F6810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL A9733A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058304C 7 Bytes JMP A97F7E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EA42 5 Bytes JMP A97F4CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP A9737B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP A9737A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP A97379F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E59B 5 Bytes JMP A9736688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 197D BF820CA8 5 Bytes JMP A97370A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPaint + 11A6 BF82D4A6 5 Bytes JMP A97367C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLockSurface + C09 BF82E624 5 Bytes JMP A9737CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 654A BF83D89B 5 Bytes JMP A9737EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + BEF8 BF843249 5 Bytes JMP A97378FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + DB5F BF844EB0 5 Bytes JMP A9736834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + B0E8 BF864F60 5 Bytes JMP A9737090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 350F BF8700AD 5 Bytes JMP A973716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 5807 BF8723A5 5 Bytes JMP A9736C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 5892 BF872430 5 Bytes JMP A9736EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 6468 BF873006 5 Bytes JMP A9736670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + B846 BF8783E4 5 Bytes JMP A9737A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnicodeToMultiByteN + 67E7 BF87F607 5 Bytes JMP A9737BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3651 BF898924 5 Bytes JMP A9736CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 418E BF899461 5 Bytes JMP A9736E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF8B6552 5 Bytes JMP A9737182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 2862 BF8B9C70 5 Bytes JMP A9737E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAlphaBlend + 1A3D BF8C1C1C 5 Bytes JMP A9736944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA0AD 5 Bytes JMP A9736A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA32D 5 Bytes JMP A9736B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBCE7 5 Bytes JMP A973656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB45 BF8F4CEE 5 Bytes JMP A97370C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF914536 5 Bytes JMP A9736760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF91510A 5 Bytes JMP A97368F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F8D BF917A83 5 Bytes JMP A9736FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 192A BF947D12 5 Bytes JMP A9737D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\WINDOWS\System32\smss.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[676] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003701F8
    .text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\WTClient.exe[692] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003703FC
    .text C:\WINDOWS\system32\WTClient.exe[692] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
    .text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\tsnpstd3.exe[720] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
    .text C:\WINDOWS\tsnpstd3.exe[720] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[828] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[852] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[908] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1188] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[1304] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 02F80804
    .text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 02F80A08
    .text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 02F80600
    .text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 02F801F8
    .text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 02F803FC
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008C1014
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008C0804
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008C0A08
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008C0C0C
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008C0E10
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008C01F8
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008C03FC
    .text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008C0600
    .text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003701F8
    .text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\vsnpstd3.exe[1424] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003703FC
    .text C:\WINDOWS\vsnpstd3.exe[1424] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1476] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B41014
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B40804
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B40A08
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B40C0C
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B40E10
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B401F8
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B403FC
    .text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B40600
    .text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\wuauclt.exe[1596] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00911014
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00910804
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00910A08
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00910C0C
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00910E10
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009101F8
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009103FC
    .text C:\WINDOWS\system32\wuauclt.exe[1596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00910600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 003803FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1616] KERNEL32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7C8449B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C8693DC 1 Byte [62]
    .text C:\WINDOWS\system32\dldtcoms.exe[1856] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 003801F8

    So I hope that's OK for now - I use Avast, SUPERAntiSpyware, Spybot S&D resident, I use a tablet which has a couple of funny entries in HijackThis, and I use a program called iSpy (just thought that might come up and look dodgy). It's a webcam program for recording motion on webcams. Can't think of anything else useful; it's an Acer Aspire 5315 laptop. I use Firefox.
    I'm happy to repay you for your time by doing you Photoshop/Illustrator favours as I'm quite good at that stuff. X Thank you so much for your time, isla.
     
  2. ilaila

    ilaila Thread Starter

    Joined:
    Oct 29, 2012
    Messages:
    7
    Hello, just putting another note in as recommended by the read this first pages -
    my problem still remains, thank you for any help,
    isla
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,756
    First Name:
    Karen
    Please be careful of your language even if the word is starred out by the filters (or yourself) as this is a family friendly site.

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     

Short URL to this thread: https://techguy.org/1084742
