nothing responds when clicked

Discussion in 'Virus & Other Malware Removal' started by pokey2, Feb 25, 2013.

    pokey2 Thread Starter

    Hello, I received an automatic update from Windows today. After it installed itself I noticed that whatever I click on (icons or files), nothing happens. I managed to get here from a link in the CCleaner program. No sys. tools function, nothing. I have been downloading a lot of video-making software, and maybe a bug was in one of those downloads. I have included the 4 log files you asked for; see below. Thank you for your help, Larry.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:45:56 PM, on 2/25/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Larry\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360267042484
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 6027 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
    Run by Larry at 18:47:28 on 2013-02-25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1329 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.charter.net/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360267042484
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2090FB9A-AF35-496D-84AE-18812705D7FC} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs=
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-11 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-11 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-11 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-11 44808]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-12-4 2074480]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-4-12 245760]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2010-12-6 16512]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-12-10 966912]
    .
    =============== Created Last 30 ================
    .
    2013-02-25 20:44:15 -------- d-----w- c:\program files\Photodex
    2013-02-25 15:17:08 -------- d-----w- c:\program files\Wondershare
    2013-02-25 14:53:27 -------- d-----w- C:\Temp
    2013-02-25 14:53:25 -------- d-----w- c:\documents and settings\larry\application data\Digiarty
    2013-02-25 14:53:14 -------- d-----w- c:\program files\Digiarty
    2013-02-24 20:25:44 -------- d-----w- c:\program files\DVDVideoSoft
    2013-02-24 20:12:15 -------- d-----w- c:\documents and settings\larry\.gimp-2.6
    2013-02-24 15:19:36 -------- d-----w- c:\documents and settings\larry\application data\ConverterLite
    2013-02-24 15:19:31 -------- d-----w- c:\program files\ConverterLite
    2013-02-24 15:17:52 -------- d-----w- c:\documents and settings\all users\application data\APN
    2013-02-24 00:59:09 79360 ----a-w- c:\windows\system32\ff_vfw.dll
    2013-02-23 23:39:37 -------- d-----w- c:\program files\common files\Wondershare
    2013-02-23 18:28:03 -------- d-----w- c:\program files\AviSynth 2.5
    2013-02-23 17:03:47 -------- d-----w- c:\documents and settings\larry\local settings\application data\Conduit
    2013-02-23 17:03:46 -------- d-----w- c:\documents and settings\larry\application data\Free AVI MPEG WMV MP4 FLV Video Joiner
    2013-02-23 17:03:34 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2013-02-23 17:03:30 -------- d-----w- c:\program files\Free AVI MPEG WMV MP4 FLV Video Joiner
    2013-02-23 16:44:03 -------- d-----w- c:\program files\Pure Motion
    2013-02-23 16:44:01 -------- d-----w- c:\program files\Sonic Foundry
    2013-02-22 19:43:40 -------- d-----w- c:\documents and settings\larry\application data\AnvSoft
    2013-02-22 14:59:43 -------- d-----w- c:\documents and settings\larry\.thumb
    2013-02-21 23:34:35 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
    2013-02-19 14:31:03 -------- d-----w- c:\program files\IncrediMail
    2013-02-18 19:28:51 -------- d--h--w- c:\windows\msdownld.tmp
    2013-02-18 15:19:36 -------- d-----w- c:\documents and settings\larry\local settings\application data\Thunderbird
    2013-02-17 15:15:28 -------- d-----w- c:\documents and settings\larry\local settings\application data\Identities
    2013-02-16 17:07:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-16 17:07:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-16 16:38:50 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
    2013-02-15 22:04:52 208448 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-02-13 21:47:36 -------- d-----w- c:\program files\ffdshow
    2013-02-13 00:38:03 -------- d-----w- c:\documents and settings\larry\application data\tiger-k
    2013-02-13 00:38:02 -------- d-----w- c:\documents and settings\larry\application data\Leawo
    2013-02-13 00:38:02 -------- d-----w- c:\documents and settings\all users\application data\Leawo
    2013-02-13 00:37:43 175616 ----a-w- c:\windows\system32\unrar.dll
    2013-02-13 00:27:16 -------- d-----w- c:\documents and settings\larry\application data\Video DVD Maker FREE
    2013-02-13 00:23:43 -------- d-sh--w- C:\AI_RecycleBin
    2013-02-13 00:23:29 -------- d-----w- c:\documents and settings\larry\local settings\application data\Updater21804
    2013-02-11 14:57:24 -------- d-----w- c:\documents and settings\all users\application data\18213
    2013-02-06 00:01:18 -------- d-----w- c:\documents and settings\larry\application data\TechSmith
    2013-02-06 00:01:10 -------- d-----w- c:\documents and settings\larry\local settings\application data\TechSmith
    2013-02-05 23:45:15 -------- d-----w- c:\documents and settings\all users\application data\Wondershare
    2013-02-05 23:44:28 -------- d-----w- c:\documents and settings\larry\local settings\application data\Wondershare
    .
    ==================== Find3M ====================
    .
    2013-02-25 20:49:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-25 20:49:42 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-16 17:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-16 17:07:07 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 18:47:58.62 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/2/2010 9:23:11 PM
    System Uptime: 2/25/2013 4:55:29 PM (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0A60h
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | XU1 PROCESSOR | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 39.747 GiB free.
    D: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 802.11n Wireless LAN Card
    Device ID: PCI\VEN_1814&DEV_0601&SUBSYS_28601814&REV_00\4&3721BFB3&0&20F0
    Manufacturer: Ralink Technology, Corp.
    Name: 802.11n Wireless LAN Card
    PNP Device ID: PCI\VEN_1814&DEV_0601&SUBSYS_28601814&REV_00\4&3721BFB3&0&20F0
    Service: RT80x86
    .
    ==== System Restore Points ===================
    .
    RP760: 2/16/2013 8:02:31 PM - System Checkpoint
    RP761: 2/16/2013 8:02:40 PM - OTL Restore Point - 2/16/2013 8:02:37 PM
    RP762: 2/17/2013 12:36:01 PM - Installed Microsoft Fix it 50267
    RP763: 2/18/2013 2:31:56 PM - Installed DirectX
    RP764: 2/18/2013 3:06:17 PM - Removed Photo Notifier and Animation Creator.
    RP765: 2/19/2013 9:35:27 AM - Removed Photo Notifier and Animation Creator.
    RP766: 2/20/2013 8:42:03 PM - System Checkpoint
    RP767: 2/21/2013 10:00:27 PM - System Checkpoint
    RP768: 2/22/2013 11:27:55 AM - Removed OpenOffice.org 3.3
    RP769: 2/23/2013 2:13:39 PM - Printer Driver PDFCreator Installed
    RP770: 2/23/2013 6:40:33 PM - Installed Windows XP -- Software Updates KB952011.
    RP771: 2/24/2013 8:21:19 PM - System Checkpoint
    RP772: 2/25/2013 10:18:29 AM - Installed Windows XP -- Software Updates KB952011.
    RP773: 2/25/2013 3:50:29 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Adobe Shockwave Player 11.5
    AnswerWorks 5.0 English Runtime
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    Brother MFL-Pro Suite MFC-J265W
    CCleaner
    ConverterLite 1.6.3
    ffdshow v1.2.4422 [2012-04-09]
    Free Fast Mpeg Cut version 2.4
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    IncrediMail
    IncrediMail 2.0
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 13
    Java Auto Updater
    Lphant
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft LifeCam
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    MovieTracer
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    PaperPort Image Printer
    Personal Ancestral File 5
    PMB
    Quicken 2009
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Skype™ 5.10
    System Requirements Lab for Intel
    The Weather Channel App
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Wondershare DVD Creator(Build 2.6.5)
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/25/2013 6:47:30 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    2/25/2013 4:50:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/25/2013 4:48:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
    2/25/2013 4:46:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================

    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-25 19:00:24
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721680PLA380 rev.P21OAB6A 74.53GB
    Running: tku1zhje.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\fxlcypob.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA81614BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA820EC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8161ED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA81A3811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA816CFA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA816CFF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA816D176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA81A31C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA816CF16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA816D038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA816CF5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA816211C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA816D130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA816293E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8161508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA81A3ED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA81A418D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA81661C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA81A3D42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA81A3BAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA820ECEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8161170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8161556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8166534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA81633A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA816CFD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA816D016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA816D19A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA81A3521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA816CF3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8165C3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA816D0BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA816CF86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8165F14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA816D154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA820EE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA81A3A28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8163272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA81A387A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8162DD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA821B7D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA81A2838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA81615A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA81615F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA81627BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA81611FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA81613AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA81A3FDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8161350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8162AF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8162C54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA816141A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA81624D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA8162636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA820D41C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8161640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8161F1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8227E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA820EC
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, 15, 16, A8, F2, 15, 16, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, 2A, 16, A8, 54, 2C, 16, ...]
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A8163A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A8224CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A8226810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A8227E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF809952 5 Bytes JMP A8167B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C8AE 5 Bytes JMP A8167A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813946 5 Bytes JMP A81679F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C598 5 Bytes JMP A81670A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79C4 BF824124 5 Bytes JMP A81667C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A8E 5 Bytes JMP A8167CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831496 5 Bytes JMP A8167EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B6BA BF839F00 5 Bytes JMP A81678FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF8517AB 5 Bytes JMP A8166688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCDA 5 Bytes JMP A816716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3567 BF85E32A 5 Bytes JMP A8166C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 35F2 BF85E3B5 5 Bytes JMP A8166EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F626 5 Bytes JMP A8166670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5466 BF864A04 5 Bytes JMP A8167A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 3665 BF873264 5 Bytes JMP A8166CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 41A2 BF873DA1 5 Bytes JMP A8166E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E91 5 Bytes JMP A8167182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF89443B 5 Bytes JMP A8167BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894F13 5 Bytes JMP A8167E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C2CE 5 Bytes JMP A8167090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D863 5 Bytes JMP A8166834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A996 BF8C1D0C 5 Bytes JMP A8166944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + A5A4 BF8EB49B 5 Bytes JMP A81670C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFF5C 5 Bytes JMP A816656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F212B 5 Bytes JMP A8166A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F23AB 5 Bytes JMP A8166B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF914636 5 Bytes JMP A8166760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF91520A 5 Bytes JMP A81668F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F95 BF917B8B 5 Bytes JMP A8166FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1934 BF947E24 5 Bytes JMP A8167D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Larry\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00811014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00810804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00810A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00810C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00810E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008101F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008103FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00810600
    .text C:\WINDOWS\Explorer.EXE[384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[384] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
    .text C:\WINDOWS\Explorer.EXE[384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
    .text C:\WINDOWS\Explorer.EXE[384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01EB0804
    .text C:\WINDOWS\Explorer.EXE[384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01EB0A08
    .text C:\WINDOWS\Explorer.EXE[384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01EB0600
    .text C:\WINDOWS\Explorer.EXE[384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01EB01F8
    .text C:\WINDOWS\Explorer.EXE[384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01EB03FC
    .text C:\WINDOWS\System32\smss.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[524] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[548] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006A1014
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006A0804
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006A0A08
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006A0C0C
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006A0E10
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006A01F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006A03FC
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006A0600
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006B0804
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006B0A08
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006B0600
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006B01F8
    .text C:\Program Files\Java\jre7\bin\jqs.exe[984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006B03FC
    .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\brss01a.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\brss01a.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1568] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00811014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00810804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00810A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00810C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00810E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008101F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008103FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00810600
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003701F8
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003703FC
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1764] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Microsoft LifeCam\MSCamS32.exe[1788] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1820] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\wuauclt.exe[1908] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C31014
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C30804
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C30A08
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C30C0C
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C30E10
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C301F8
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C303FC
    .text C:\WINDOWS\system32\wuauclt.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C30600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01701014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01700804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01700A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01700C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01700E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 017001F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 017003FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01700600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01940804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045FBF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01940A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01940600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 019401F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 019403FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1924] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10460118 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[2228] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A61014
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A60804
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A60A08
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A60C0C
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A60E10
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A601F8
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A603FC
    .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A60600
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002701F8
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002703FC
    .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[2264] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2528] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 02211014
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 02210804
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 02210A08
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 02210C0C
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 02210E10
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 022101F8
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 022103FC
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 02210600
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 004BBC00 C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare Studio/Wondershare)
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] USER32.dll!GetScrollInfo 7E42DFE2 5 Bytes JMP 004BBD8C C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare Studio/Wondershare)
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 004BBC88 C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare Studio/Wondershare)
    .text C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[2576] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 004BBD08 C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare Studio/Wondershare)
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00031014
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00030804
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00030A08
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00030C0C
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00030E10
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 000301F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 000303FC
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00030600
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 03F30804
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 03F30A08
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 03F30600
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 03F301F8
    .text C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe[2588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 03F303FC
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\ctfmon.exe[2596] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00991014
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00990804
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00990A08
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00990C0C
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00990E10
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009901F8
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009903FC
    .text C:\WINDOWS\system32\ctfmon.exe[2596] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00990600
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003901F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003903FC
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\Larry\My Documents\Downloads\tku1zhje.exe[2840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\WINDOWS\System32\alg.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2912] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01598BF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002D03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 018E7FF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018E7FCD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015AF1AD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 025A0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 025A0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 025A0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 025A01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 025A03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 018E7F4E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 048B1014
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 048B0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 048B0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 048B0C0C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 048B0E10
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 048B01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 048B03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 048B0600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006F1014
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006F0804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006F0A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006F0C0C
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006F0E10
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006F01F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006F03FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006F0600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003801F8
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003803FC
    .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[4008] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 2.1 ----
     
  2. pokey2

    pokey2 Thread Starter

    Joined:
    Jan 24, 2008
    Messages:
    90
    I have managed to get to my System Restore and was able to restore before the last Windows update. Things seem to be normal again!! Larry
     
Short URL to this thread: https://techguy.org/1090968
