
my pc needs a flu shot !! it has a virus...please help

Discussion in 'Virus & Other Malware Removal' started by skooterbum, Dec 1, 2011.

Thread Status:
Not open for further replies.
  1. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    here's my story....

    i recently installed a new hard drive, and added more memory. i did a clean install of my windows xp. i have copies of the 3 service packs for XP, and loaded them. then i had to go online to get my browser updates, antivirus, and other programs as needed.

    with a basically new system, i am now having problems with its operation. both of my browsers are constantly reloading / refreshing. i get the notice that the tab has been recovered, there has been a problem with IE, or the page. IE has encountered a problem and needs to close. now my system is starting to stop functioning while online. it will be loading a page, get almost done loading it, and then just hang there. the PC is doing nothing, and i can't do anything. then after a long wait, it will load a completely new page, just like the first one it was initially loading.

    i was working with my EBAY TURBO LISTER program, i was not online, and it kept shutting down and reloading, with a message of, IE has encountered a problem, and needs to reload. i wasn't even using the IE browser.

    my system was constantly getting slower and slower, so i ran an antivirus scan at startup, and that's when i found the corrupted files.

    i ran a scan of my system during startup, or right before the startup, and got notices of numerous corrupt files.

    i got (CAB archive is corrupted) error 42127, (ZIP archive is corrupted) error 42139
    and possibly others that i missed. there were multiples of these corrupted files. most with the same error numbers

    here is a shot of some of the information that i got from the scan.....

    i will post the Hijack log in the next post......
     


  2. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    sorry for the lousy pic of the virus scan image in previous post......

    here is the Hijack This log......

    i did not make any changes to my system......


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:18:29 PM, on 11/30/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Windstream_BCUC\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Windstream_BCUC_McciTrayApp] "C:\Program Files\Windstream_BCUC\McciTrayApp.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA78F30-C581-4420-BE5D-65EB65100DBB}: NameServer = 166.102.165.13,207.91.5.20
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA78F30-C581-4420-BE5D-65EB65100DBB}: NameServer = 166.102.165.13,207.91.5.20
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0AA78F30-C581-4420-BE5D-65EB65100DBB}: NameServer = 166.102.165.13,207.91.5.20
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0AA78F30-C581-4420-BE5D-65EB65100DBB}: NameServer = 166.102.165.13,207.91.5.20
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    --
    End of file - 4996 bytes
     
  3. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    here is the DDS.txt file......

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by SKOOTERBUM at 0:17:34 on 2011-12-01
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1594 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Windstream_BCUC\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.windstream.net/
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Windstream_BCUC_McciTrayApp] "c:\program files\windstream_bcuc\McciTrayApp.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: Interfaces\{0AA78F30-C581-4420-BE5D-65EB65100DBB} : NameServer = 166.102.165.13,207.91.5.20
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\skooterbum\application data\mozilla\firefox\profiles\uu0d8ksy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-11-11 38920]
    R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-11-11 42376]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-11 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-11 314456]
    R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-11-11 16008]
    R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-11-11 184072]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-11 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-11 44768]
    R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-11-11 60552]
    R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2011-11-11 23176]
    R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-14 267568]
    S0 sfytqmeh;sfytqmeh;c:\windows\system32\drivers\ikwagsq.sys --> c:\windows\system32\drivers\ikwagsq.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-27 01:04:27 -------- d-----w- c:\program files\Free Window Registry Repair
    2011-11-26 23:45:58 -------- d-----w- c:\documents and settings\skooterbum\application data\DriverCure
    2011-11-26 23:45:57 -------- d-----w- c:\documents and settings\skooterbum\application data\SpeedyPC Software
    2011-11-26 23:45:35 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
    2011-11-26 23:19:56 -------- d-----w- c:\program files\WOT
    2011-11-26 21:33:12 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\PCHealth
    2011-11-26 06:08:51 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\ApplicationHistory
    2011-11-26 05:52:15 -------- d-----w- c:\windows\system32\winrm
    2011-11-26 05:52:02 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-11-26 05:51:30 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Identities
    2011-11-26 05:51:25 -------- d-----w- c:\documents and settings\skooterbum\application data\Windows Desktop Search
    2011-11-26 05:50:35 -------- d-----w- c:\program files\Windows Desktop Search
    2011-11-26 05:50:34 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-11-26 05:49:40 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-11-26 05:49:40 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-11-26 05:49:40 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-11-26 05:47:20 -------- d-----w- c:\windows\system32\URTTEMP
    2011-11-26 05:09:47 -------- d-----w- c:\windows\system32\NtmsData
    2011-11-26 04:32:52 19569 ----a-w- c:\windows\000001_.tmp
    2011-11-19 06:25:55 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Mozilla
    2011-11-18 02:24:01 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
    2011-11-17 04:55:55 -------- d-----w- c:\documents and settings\skooterbum\application data\ElevatedDiagnostics
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2011-11-17 02:26:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2011-11-17 02:23:13 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Apple
    2011-11-17 02:08:06 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-11-17 02:07:48 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-11-17 02:04:32 -------- d-----w- c:\windows\system32\LogFiles
    2011-11-17 01:52:01 -------- d-----w- c:\windows\system32\Adobe
    2011-11-15 09:01:51 -------- d-----w- c:\program files\Windstream_BCUC
    2011-11-15 08:57:54 -------- d-----w- c:\program files\common files\Motive
    2011-11-15 08:27:24 -------- d-----w- c:\documents and settings\skooterbum\application data\Windstream
    2011-11-15 08:26:18 -------- d-----w- c:\documents and settings\all users\application data\Radialpoint
    2011-11-15 08:25:57 -------- d-----w- c:\documents and settings\skooterbum\application data\Radialpoint
    2011-11-15 08:25:38 -------- d-----w- c:\documents and settings\all users\application data\Windstream
    2011-11-13 22:08:34 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-11-13 22:08:34 215920 ----a-w- c:\windows\system32\muweb.dll
    2011-11-13 22:08:34 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-11-13 12:01:00 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Temp
    2011-11-13 12:00:53 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Sun
    2011-11-13 11:46:37 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-13 11:46:37 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-13 11:40:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-13 11:27:05 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2011-11-13 11:26:51 -------- d-----w- c:\program files\W3i
    2011-11-13 11:26:51 -------- d-----w- c:\documents and settings\all users\application data\W3i
    2011-11-13 11:26:11 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
    2011-11-13 11:23:29 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-11-13 01:30:41 388096 ----a-r- c:\documents and settings\skooterbum\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-13 01:30:39 -------- d-----w- c:\program files\Trend Micro
    2011-11-12 23:26:49 306176 --sha-w- C:\EUMONBMP.SYS
    2011-11-12 21:36:02 -------- d-----w- c:\program files\eBay
    2011-11-12 03:50:05 -------- d-----w- c:\documents and settings\skooterbum\application data\ieSpell
    2011-11-12 00:34:19 -------- d-----w- c:\program files\ieSpell
    2011-11-11 23:14:29 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Lime PRO
    2011-11-11 23:14:02 -------- d-----w- c:\program files\Lime PRO
    2011-11-11 23:01:07 -------- d-----w- c:\program files\common files\xing shared
    2011-11-11 22:59:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-11 22:59:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-11 22:51:36 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
    2011-11-11 22:51:36 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
    2011-11-11 22:51:35 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
    2011-11-11 22:51:34 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
    2011-11-11 22:47:28 20616 ----a-w- c:\windows\system32\fbnative.exe
    2011-11-11 22:46:36 -------- d-----w- c:\program files\EaseUS
    2011-11-11 21:32:40 -------- d-----w- c:\documents and settings\skooterbum\application data\Malwarebytes
    2011-11-11 21:32:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-11 21:32:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-11 21:32:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-11 20:54:07 -------- d-----w- c:\windows\system32\XPSViewer
    2011-11-11 20:53:18 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-11-11 20:52:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-11-11 20:52:44 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-11-11 20:52:44 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-11-11 20:52:44 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-11-11 20:52:44 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-11-11 20:52:44 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-11-11 20:52:44 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-11-11 20:52:44 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-11-11 20:52:43 -------- d-----w- C:\64f9a61727d07056591c8c8ef3
    2011-11-11 20:22:17 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\FixItCenter
    2011-11-11 19:55:29 -------- d-----w- c:\windows\MATS
    2011-11-11 19:55:27 -------- d-----w- c:\program files\Microsoft Fix it Center
    2011-11-11 19:45:57 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-11 19:35:33 -------- d-----w- c:\documents and settings\skooterbum\application data\SUPERAntiSpyware.com
    2011-11-11 19:34:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-11 19:34:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-11-11 19:25:01 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Ahead
    2011-11-11 19:19:05 -------- d-----w- c:\documents and settings\skooterbum\application data\KodakCredentialStore
    2011-11-11 19:16:05 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\KodakGallery
    2011-11-11 19:15:26 -------- d-----w- c:\documents and settings\skooterbum\application data\Skinux
    2011-11-11 19:10:56 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Apple Computer
    2011-11-11 18:54:38 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2011-11-11 18:54:38 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2011-11-11 18:54:38 465920 ------w- c:\windows\system32\imapi2fs.dll
    2011-11-11 18:54:38 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2011-11-11 18:54:38 317952 ------w- c:\windows\system32\imapi2.dll
    2011-11-11 18:45:09 -------- d-----w- c:\program files\CCleaner
    2011-11-11 18:09:33 -------- d-----w- c:\program files\Speccy
    2011-11-11 18:03:45 -------- d-----w- c:\program files\Defraggler
    2011-11-11 17:53:33 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\Adobe
    2011-11-11 17:47:02 -------- d-----w- c:\documents and settings\all users\eBay
    2011-11-11 14:35:08 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-11-11 14:34:20 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-11-11 14:34:20 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-11-11 14:34:19 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-11-11 14:34:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-11-11 14:34:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-11-11 14:34:16 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-11-11 14:34:13 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-11-11 14:28:33 -------- d-sh--w- c:\documents and settings\skooterbum\UserData
    2011-11-11 14:13:20 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-11-11 14:11:28 -------- d-----w- c:\program files\MSXML 4.0
    2011-11-11 14:00:09 -------- d--h--w- c:\windows\PIF
    2011-11-11 13:47:02 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-11-11 13:47:02 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-11-11 13:46:11 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-11-11 13:46:08 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-11-11 13:46:07 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-11-11 13:46:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-11-11 13:45:18 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-11-11 13:42:26 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-11-11 13:41:29 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-11-11 13:41:26 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-11-11 13:40:43 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-11-11 13:40:07 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2011-11-11 13:39:28 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-11-11 13:38:15 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-11-11 13:38:14 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-11-11 13:38:14 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-11-11 13:38:14 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-11-11 13:38:14 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-11-11 13:38:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-11-11 13:38:13 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-11-11 13:38:13 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-11-11 13:38:13 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-11-11 13:38:12 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-11-11 13:38:11 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-11-11 13:38:09 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-11-11 13:36:48 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-11-11 13:36:42 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-11-11 13:35:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-11-11 13:34:22 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-11-11 13:33:56 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-11-11 13:32:13 -------- d-----w- c:\windows\pss
    2011-11-11 13:32:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-11-11 13:32:00 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-11-11 13:31:33 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2011-11-11 13:28:54 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-11-11 13:28:47 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-11-11 13:28:27 -------- d-----w- c:\windows\system32\PreInstall
    2011-11-11 13:11:14 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-11 13:10:54 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-11 13:10:33 -------- d-----w- c:\program files\AVAST Software
    2011-11-11 13:10:33 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-11-11 13:04:27 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-11-11 12:59:59 786432 -c----w- c:\windows\system32\dllcache\migrate.exe
    2011-11-11 12:58:32 -------- d-----w- c:\windows\ServicePackFiles
    2011-11-11 12:58:13 -------- d-sh--w- c:\documents and settings\skooterbum\PrivacIE
    2011-11-11 12:56:24 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-11-11 12:54:46 -------- d-----w- c:\windows\EHome
    2011-11-11 12:45:04 -------- d-sh--w- c:\documents and settings\skooterbum\IETldCache
    2011-11-11 12:42:47 -------- d-----w- c:\windows\ie8updates
    2011-11-11 12:42:46 -------- d--h--w- c:\windows\$hf_mig$
    2011-11-11 12:41:25 -------- dc-h--w- c:\windows\ie8
    2011-11-10 09:29:24 -------- d-----w- c:\program files\common files\Kodak
    2011-11-10 09:24:52 -------- d-----w- c:\documents and settings\skooterbum\local settings\application data\ArcSoft
    2011-11-10 09:24:39 -------- d-----w- c:\documents and settings\all users\application data\ArcSoft
    2011-11-10 09:02:39 -------- d-----w- c:\program files\Kodak
    2011-11-10 09:01:32 -------- d-----w- c:\documents and settings\all users\application data\Kodak
    2011-11-10 08:38:04 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-11-10 08:37:54 303104 ----a-w- c:\windows\system32\CNC250L.dll
    2011-11-10 08:37:54 15872 ----a-w- c:\windows\system32\CNHMCA.dll
    2011-11-10 08:37:54 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-11-10 08:37:54 1310720 ----a-w- c:\windows\system32\CNC250C.dll
    2011-11-10 08:37:54 110592 ----a-w- c:\windows\system32\CNC250I.dll
    2011-11-10 08:37:54 106496 ----a-w- c:\windows\system32\CNC250U.dll
    2011-11-10 08:37:17 -------- d-----w- c:\program files\common files\CANON
    2011-11-10 08:35:09 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
    2011-11-10 08:35:09 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
    2011-11-10 08:35:09 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
    2011-11-10 08:35:03 90112 ----a-w- c:\windows\system32\CNC250O.dll
    2011-11-10 08:35:00 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
    2011-11-10 08:32:24 -------- d-----w- c:\program files\Canon
    2011-11-10 06:24:59 -------- d-----w- C:\BITWARE
    2011-11-10 06:19:53 -------- d-----w- c:\documents and settings\skooterbum\application data\Simple Star
    2011-11-10 06:19:52 421888 ----a-w- c:\windows\Nero PhotoShow.scr
    2011-11-10 06:19:52 -------- d-----w- C:\Demo Album
    2011-11-10 06:18:50 2670592 ------w- c:\windows\UNNMP.exe
    2011-11-10 06:17:28 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2011-11-10 06:15:43 476320 ----a-w- c:\windows\system32\ImagXpr7.dll
    2011-11-10 06:15:43 471040 ----a-w- c:\windows\system32\ImagXRA7.dll
    2011-11-10 06:15:43 364544 ----a-w- c:\windows\system32\TwnLib4.dll
    2011-11-10 06:15:43 262144 ----a-w- c:\windows\system32\ImagXR7.dll
    2011-11-10 06:15:43 1568768 ----a-w- c:\windows\system32\ImagX7.dll
    2011-11-10 06:15:42 38912 ----a-w- c:\windows\system32\picn20.dll
    2011-11-10 06:15:42 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2011-11-10 06:15:38 -------- d-----w- c:\program files\NERO
    2011-11-10 06:13:59 82432 ----a-w- c:\windows\system32\dmscript.dll
    2011-11-10 06:09:45 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2011-11-10 06:05:20 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-11-10 06:05:20 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-11-10 06:05:20 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2011-11-10 06:05:20 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-11-10 06:05:19 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2011-11-10 06:02:39 402048 ----a-w- c:\windows\system32\s3gnb.dll
    2011-11-10 05:59:33 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
    2011-11-10 05:58:36 3279 ----a-w- c:\windows\system32\drivers\VIAPFD.SYS
    2011-11-10 05:57:58 -------- d-----w- c:\windows\system32\Tools
    2011-11-10 05:57:05 11182 ----a-w- c:\windows\system32\drivers\hmnt.sys
    2011-11-10 05:57:03 -------- d-----w- C:\VIAhm
    2011-11-10 05:38:43 -------- d-s---w- c:\windows\system32\Microsoft
    2011-11-10 05:35:56 69632 ----a-w- c:\windows\system32\vuins32.dll
    2011-11-10 05:35:56 48128 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
    2011-11-10 05:35:56 319456 ------w- c:\windows\system32\difxapi.dll
    2011-11-10 05:32:49 -------- d-----w- c:\program files\S3
    2011-11-10 05:32:24 306688 ----a-w- c:\windows\IsUninst.exe
    2011-11-10 05:32:20 -------- d-----w- c:\documents and settings\skooterbum\WINDOWS
    2011-11-10 05:32:17 -------- d-----w- C:\S3Graphics
    2011-11-10 05:31:05 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2011-11-10 05:31:05 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2011-11-10 05:31:04 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-11-10 05:29:13 -------- d-----w- c:\program files\VIA
    2011-11-10 05:23:40 13976 ----a-w- c:\windows\system32\drivers\videX32.sys
    2011-11-10 05:23:38 32128 ----a-r- c:\windows\system32\drivers\VIAAGP1.SYS
    2011-11-10 05:22:00 207488 ----a-w- c:\windows\system32\drivers\vinyl97.sys
    .
    ==================== Find3M ====================
    .
    2011-11-10 06:09:36 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2011-11-10 06:09:36 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-19 22:16:42 49152 ----a-r- c:\windows\system32\inetwh32.dll
    2011-10-19 22:16:42 1044480 ----a-r- c:\windows\system32\roboex32.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 19:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 19:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 19:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 0:19:31.42 ===============
     
  4. skooterbum

    here is the Attach.txt file.....
     

  5. skooterbum

    here is the ark.txt file.....

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-01 02:53:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600AAJB-00J3A0 rev.01.03E01
    Running: owioubv2.exe; Driver: C:\DOCUME~1\SKOOTE~1\LOCALS~1\Temp\fxdcqfoc.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB7A87FC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB7AEC510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB7AAB6A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB7A8A456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB7A8A4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB7A8A5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB7AAB05D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB7A8A3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB7A8A4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB7A8A400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB7A8A572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB7A87FE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB7AABD6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB7AAC025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB7A8A848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB7AABBDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB7AABA45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB7AEC5C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB7A87DB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB7A8800C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB7A8A9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB7A88AA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB7A8A486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB7A8A4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB7A8A5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB7AAB3B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB7A8A3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB7A8A680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB7A8A53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB7A8A42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB7A8A764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB7A8A59C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB7AEC658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB7AAB8C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB7A8896A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB7AAB712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB7AF49E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB7AAA6D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB7A88030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB7A88054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB7A87E0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB7A87F48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB7AABE76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB7A87F24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB7A87F6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB7A88078]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB7B007A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntoskrnl.exe!_abnormal_termination + 140 804E27AC 4 Bytes CALL 9405D030
    .text ntoskrnl.exe!_abnormal_termination + 271 804E28DD 3 Bytes [C6, AE, B7]
    PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP B7AFF15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL B7A8900F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP B7B007A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP B7AFD69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF824339 5 Bytes JMP B7A8AB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF851A23 5 Bytes JMP B7A8AAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E5B4 5 Bytes JMP B7A8ADE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E63F 5 Bytes JMP B7A8AFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F8B2 5 Bytes JMP B7A8AABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873FD0 5 Bytes JMP B7A8AF76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89DC40 5 Bytes JMP B7A8AC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9D8 BF8C21B0 5 Bytes JMP B7A8ACA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA612 5 Bytes JMP B7A8AD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA892 5 Bytes JMP B7A8AD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2F7 5 Bytes JMP B7A8A9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19DF BF913433 5 Bytes JMP B7A8AB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 25B3 BF914007 5 Bytes JMP B7A8AC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F2C BF916980 5 Bytes JMP B7A8B0D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\SKOOTE~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\smss.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[712] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
     
  6. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    my PC kept refreshing the page while i was trying to post all of this information this morning. so if any information is incomplete please let me know. it makes it pretty difficult to get anything done when it is acting like this.

    anyways, if someone could take a look at all of this information, and guide me along through the virus / bug removal process, that would be great.

    thank you in advance !!

    ron
     
  9. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    today, while i was surfing ebay, my computer went to the blue screen, and listed something about possible problems with my hard drive disk. or the amount of space on the disk is not enough. the disk is new, and it has plenty of free space.

    i was trying to read all the information that was displayed on the screen, but it just didn't give me the time !!

    i did see at the bottom of the screen, it said it was "dumping the physical memory to the disk"

    when it completed doing that, my system rebooted itself.

    this is the second time this has happened.

    if someone had the time to help me, it would be greatly appreciated.....

    thanks,
    ron
     
  12. skooterbum

    skooterbum Thread Starter

    Joined:
    May 25, 2011
    Messages:
    99
    sorry to have wasted this space. my PC got totally messed up, and became inoperable (sp)?. i had to do a clean install of my windows to bring it back.

    hopefully i did it without catching any malware.

    this is a closed thread......
     
Short URL to this thread: https://techguy.org/1029173