Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default spyware hiding my documents and all programs

    My husband was looking at a website for a local resturant and Avast warned him that there was a possible problem. It told him that a suspicious program was running in the sandbox and gave a file name like C;\Documents and Settings\All users\... IyaPhX6NfuZYQX.exe (something different every time). There were lots of cascading boxes warning about something wrong with the C: drive.

    I have run SuperAntispyware, MalwareBytes, the Avast and Hijack this. Since the Malwarebyte found 1 item to delete, the cascading boxes do not show up when he logs in, but he still can only see 6 icons on his screen and only one or two programs under all programs.

    When I login with my userid, I can see everything just fine. All my icons and all the programs installed.

    Avast did not find anything when it scanned.

    Please advise. Thanks,SUPERAntiSpyware Scan Log - 09-02-2012 - 16-42-44.logmbam-log-2012-09-02 (17-18-17).txthijackthis.log

  2. #2
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 09/02/2012 at 04:42 PM

    Application Version : 5.5.1012

    Core Rules Database Version : 9166
    Trace Rules Database Version: 6978

    Scan type : Quick Scan
    Total Scan Time : 00:24:37

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 555
    Memory threats detected : 0
    Registry items scanned : 29757
    Registry threats detected : 0
    File items scanned : 11922
    File threats detected : 40

    Adware.Tracking Cookie
    C:\Documents and Settings\kathy\Cookies\K0XQD2CP.txt [ /doubleclick.net ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\DEG9W8VH.txt [ Cookie:dan@imrworldwide.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\X18CR5NV.txt [ Cookie:dan@questionmarket.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\LLH5QEJB.txt [ Cookie:dan@invitemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\EIFTB338.txt [ Cookie:dan@ad.yieldmanager.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\KSTSIJCD.txt [ Cookie:dan@collective-media.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\S8INBCJ4.txt [ Cookie:dan@bs.serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\IU8LXLVF.txt [ Cookie:dan@legolas-media.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\UEYVTNF4.txt [ Cookie:dan@serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\WMICY2I9.txt [ Cookie:dan@t.pointroll.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\WBQDW80C.txt [ Cookie:dan@media6degrees.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\2KEXX08D.txt [ Cookie:dan@www.googleadservices.com/pagead/conversion/1032910924/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\UJU3DXSK.txt [ Cookie:dan@pointroll.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\U1K1HLBE.txt [ Cookie:dan@adbrite.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\1WWUAFED.txt [ Cookie:dan@milesmedia.122.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\XF8QQZ1C.txt [ Cookie:dan@everyscreenmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\LXQKWIIZ.txt [ Cookie:dan@msnportal.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\AU6AFBSF.txt [ Cookie:dan@at.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\QLY2FV50.txt [ Cookie:dan@adserver.adtechus.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\CS1D5BQJ.txt [ Cookie:dan@liveperson.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\IAQ19EX3.txt [ Cookie:dan@realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\PJR3S8EH.txt [ Cookie:dan@www.googleadservices.com/pagead/conversion/1065759433/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\XO501H2A.txt [ Cookie:dan@warnerbros.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\5BWGR3YZ.txt [ Cookie:dan@citygridmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\TBK270EC.txt [ Cookie:dan@ru4.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\Q9A3462S.txt [ Cookie:dan@revsci.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\6SXZ0TPL.txt [ Cookie:dan@warnerbroads.112.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\UELI46AM.txt [ Cookie:dan@tribalfusion.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\2VXM2LCU.txt [ Cookie:dan@www.googleadservices.com/pagead/conversion/1070988817/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\K9HBH9KH.txt [ Cookie:dan@pro-market.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\CJDWBAE5.txt [ Cookie:dan@www.googleadservices.com/pagead/conversion/1030287939/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\9UFBG2IV.txt [ Cookie:dan@amazon-adsystem.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\IGOQU4LD.txt [ Cookie:dan@www.googleadservices.com/pagead/conversion/1002866651/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\F4AH0UHQ.txt [ Cookie:dan@headcountry.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\RXN8V7KL.txt [ Cookie:dan@lucidmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\J3L3JAA3.txt [ Cookie:dan@homestore.122.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\GFDKM6R6.txt [ Cookie:dan@yieldmanager.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\QL6YU2N7.txt [ Cookie:dan@www.headcountry.com/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\U53WY431.txt [ Cookie:dan@2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\DAN\Cookies\B17GC16Q.txt [ Cookie:dan@ar.atwola.com/ ]


    Malwarebytes Anti-Malware 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.02.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    kathy :: DB90FXC1 [administrator]

    9/2/2012 5:18:17 PM
    mbam-log-2012-09-02 (17-18-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253774
    Time elapsed: 22 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\RECYCLER\S-1-5-21-899168822-2618310791-4039456915-1006\Dc2.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:37:30 PM, on 9/2/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\kathy\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://vpn.esc.gov/vdesk/terminal/u...,2010,125,2117
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://amcmailcls2.faa.gov/iNotes6W.cab
    O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://vpn.esc.gov/vdesk/terminal/f...2009,1204,1610
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vpn.esc.gov/vdesk/terminal/I...2009,1204,1613
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://amcmailcls2.faa.gov/dwa8W.cab
    O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInsta...nstallAx10.ocx
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://vpn.esc.gov/vdesk/terminal/u...2009,1204,1608
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vpn.esc.gov/vdesk/terminal/u...2009,1204,1604
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/J...etupClient.cab
    O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

    --
    End of file - 9363 bytes

  3. #3
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi beadedquilter,

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply and add the new log to this thread.

    We need to see some information about what is happening in your machine. Please perform the following scans:

    DDS:
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop post the contents of the DDS.txt log. Save the other report in case I need to look at it later.


    Next:

    GMER:

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  4. #4
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by dan at 20:32:11 on 2012-09-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1243 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\wscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    mWindow Title =
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    uPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-explorer: RestrictRun = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.esc.gov/vdesk/terminal/urxvpn.cab#version=6031,2010,125,2117
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://amcmailcls2.faa.gov/iNotes6W.cab
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.esc.gov/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.esc.gov/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://amcmailcls2.faa.gov/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall//CoxSelfInstallAx10.ocx
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.esc.gov/vdesk/terminal/urxshost.cab#version=6031,2009,1204,1608
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.esc.gov/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DDBE0598-7009-43A3-B94F-D05829583C8D} : DhcpNameServer = 192.168.1.1
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-29 28544]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 729752]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-7 355632]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-7 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 44808]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-8-24 430136]
    R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2008-10-31 33920]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-8 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
    S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-11-12 10752]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-8 136176]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-5 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-5 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-5 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-5 40552]
    .
    =============== Created Last 30 ================
    .
    2012-09-02 22:15:34 -------- d-----w- c:\program files\Malwarebytes 2012
    2012-09-02 21:16:09 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-02 21:16:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-08-31 23:35:24 526888 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    .
    ==================== Find3M ====================
    .
    2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-15 02:56:24 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 02:56:24 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-06 13:58:51 78336 ---ha-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:15 1866112 ---ha-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ---ha-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ---ha-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ---ha-w- c:\windows\system32\html.iec
    2012-06-25 21:04:24 1394248 ---ha-w- c:\windows\system32\msxml4.dll
    .
    ============= FINISH: 20:32:58.81 ===============



    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2012-09-07 18:45:53
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000069 ST3160812AS rev.3.ADJ
    Running: 8xitzxp5.exe; Driver: C:\DOCUME~1\dan\LOCALS~1\Temp\kxtyapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6905708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB69B07C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB690611C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6947401]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6910F28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6910F74]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB69110F6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6946DB5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6910E96]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6910FB8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6910EDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB6906310]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB69110B0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB6906A9C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6905756]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6947AC7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6947D7D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB690A0E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6947932]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB694779D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB69B08AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB69053BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB69057A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB690A456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6907464]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6910F52]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6910F96]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB691111A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6947111]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6910EBC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6909C5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB691103A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6910F06]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6909E8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB69110D4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB69B0A2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6947618]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6907330]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB694746A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB6906EDA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB69BC30E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6946428]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB69057F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6905840]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB690691C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6905448]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB69055F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6947BCE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB690559E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB6906BFE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB6906D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6905668]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6AC6640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB6906794]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB690588E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB6906160]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB69C8966]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 805047AC 12 Bytes [F2, 57, 90, B6, 40, 58, 90, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [FE, 6B, 90, B6, 5A, 6D, 90, ...]
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL B6907AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP B69C5806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP B69C7320 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B69C896A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94D7360, 0x2456AE, 0xE8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B690BA6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B690B95E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B690B918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP B690AFCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP B690A6E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP B690BBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP B690BDE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP B690B81E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP B690A5AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP B690B08C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP B690AB40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP B690AE06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP B690A592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP B690B9A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP B690AC00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP B690ADC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP B690B0A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP B690BB20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP B690BD3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP B690AFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP B690A756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP B690A866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP B690A93E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP B690AA6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP B690A48C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP B690AFE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP B690A682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP B690A812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP B690AF20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP B690BC96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\dan\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\iPod\bin\iPodService.exe[364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\iPod\bin\iPodService.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\iPod\bin\iPodService.exe[364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\iPod\bin\iPodService.exe[364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\iPod\bin\iPodService.exe[364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\iPod\bin\iPodService.exe[364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\iPod\bin\iPodService.exe[364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002A0804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002A0A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002A0600
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002A01F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002A03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\nvsvc32.exe[724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\nvsvc32.exe[724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\nvsvc32.exe[724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\nvsvc32.exe[724] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\nvsvc32.exe[724] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\nvsvc32.exe[724] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\nvsvc32.exe[724] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\System32\smss.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\csrss.exe[864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[864] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[1352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1744] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[2288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[2288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[2288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[2288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[2288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[2288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[2288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Canon\CAL\CALMAIN.exe[2456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\System32\alg.exe[2604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[2604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[2604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[2604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[2604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
    .text C:\Documents and Settings\dan\Desktop\8xitzxp5.exe[2872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\dan\Desktop\8xitzxp5.exe[2872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\stsystra.exe[3236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\stsystra.exe[3236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\stsystra.exe[3236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\stsystra.exe[3236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\stsystra.exe[3236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\WINDOWS\stsystra.exe[3236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\WINDOWS\stsystra.exe[3236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\WINDOWS\stsystra.exe[3236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\WINDOWS\stsystra.exe[3236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\WINDOWS\stsystra.exe[3236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\System32\svchost.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[3964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[3964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[3964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[3964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[3964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[3964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\PROGRA~1\ALWILS~1\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat AFE04D20
    Device \FileSystem\Fastfat \Fat AFDFD60A

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName C:\WINDOWS\system32\iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ Internet Explorer Machine Accelerators
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName C:\WINDOWS\system32\iedkcs32.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy ProcessGroupPolicyForActivities
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

    ---- EOF - GMER 1.0.15 ----

  5. #5
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default

    We do not have the original Windows CD/DVD.
    Windows XP SP 3 32 bit

    My husbands userid can only see the programs or the file in his My documents that have been installed or created since the virus/malware infected his account.
    My account on the same computer seems okay.

    Please help. THanks.

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Please run the following tools and post there logs.

    1.
    Please download the latest version of TDSSKiller from here and save it to your Desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    • Put a checkmark beside loaded modules.
    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.
    • Click the Start Scan button.
    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


    3.
    Please download and run unhide.exe.

    Things to include in your next reply::
    TdssKiller log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default

    I have spent 2 hours last night and 1 hour today trying to post the TDsSkiller and ComboFix logs. When I start a reply and try to paste the log into the reply window, it hangs up your web page. If I try to click on the title of the reply or to page down to post (when I did finally get TDSSkiller log to paste in the window) all I get is an hourglass and it says (not responding) in the IE title bar.

    After running TDSSkiller and Combofix and unhide my husbands computer it seems to be back to normal. He can see all the programs and icons again.

    I will continue to try to post the logs your requested.

  8. #8
    Member
    Join Date
    Jun 2005
    Posts
    93
    Points
    0

    Default TDSSkiller log and combofix log


  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Lets look for any leftovers.

    1.
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the
        icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.


    2.
    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello.

    Are you still there?

    If you are please follow the instructions in my previous post.

    If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

    Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

    Thanks for understanding

    With Regards,
    fireman4it
    " Extinguishing Malware from the world"

    The Spware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




Page 1 of 2 12 LastLast