Browser hi-Jack! Please help!

Discussion in 'Virus & Other Malware Removal' started by altec100, Jan 21, 2011.

Thread Status:
Not open for further replies.
  1. altec100 (Thread Starter)
    Joined: Sep 3, 2007 | Messages: 6

    Hallo there..
    I have what I think is a browser hijack, in that an Internet Explorer browser page comes and goes, advertising various dubious web tools and services. I've tried to blast it with Spybot and Malwarebytes' Anti-Malware, with the latest updates, but it's still here. I hope someone can assist.

    Thanks in advance

    I'm posting HijackThis, DDS and GMER and attaching the attach file.

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:29:55, on 21/01/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avast\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\HijackThis.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 4636 bytes



    DDS


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 21:58:08.88 on 21/01/2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.117 [GMT 0:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avast\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [avast5] "c:\program files\avast\avastUI.exe" /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Notify: igfxcui - igfxsrvc.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2010-11-28 40384]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [2007-2-8 147840]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

    =============== Created Last 30 ================

    2011-01-21 21:04:05 1612 ---ha-w- C:\aaw7boot.cmd
    2011-01-20 19:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 19:39:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 19:39:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 19:35:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-20 19:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-01-20 19:29:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 19:16:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
    2011-01-20 09:07:19 604672 ----a-w- c:\program files\windows media player\trillian.exe
    2010-12-23 13:18:44 -------- d-----w- c:\program files\Ashampoo

    ==================== Find3M ====================

    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

    ============= FINISH: 21:58:59.63 ===============


    GMER - ark


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-21 23:15:04
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHT2040AH rev.006C
    Running: cw2hubq3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEFBD1728]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEFBD87EA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEFBD86A2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEFBD8CA8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEFBD8BBE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEFBD8276]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEFBD17D8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEFBD877E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEFBD81B2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEFBD8218]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEFBD1870]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEFBD88C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEFBD8D76]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEFBD8880]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEFBD8A04]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEFBE582E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEFBE5652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEFBE578C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + B3 804E2D84 4 Bytes JMP A7EFBD87
    PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP EFBE2C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!NtCreateSection 80564B1B 7 Bytes JMP EFBE5656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP EFBE5832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP EFBE11EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805A6B26 7 Bytes JMP EFBE5790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Avast\AvastSvc.exe[348] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    plus attach attached..
     


  2. altec100

    Sorry for the double post.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Why are you still using SP2 when you should be on SP3 by now?

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program.
    • Click "Continue".
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  4. altec100

    Thanks for getting back. Here's the MGA report:


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation Control not Installed
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
    Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
    Windows Product ID: 76477-OEM-2111907-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {16523C3C-6C64-49FD-811B-D5FC00AE2B2E}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{16523C3C-6C64-49FD-811B-D5FC00AE2B2E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-527237240-436374069-1708537768</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Inspiron 1150 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20040820000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>04263C07018400D2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: A000:Dell Inc|A000:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A
     
  5. dvk01

  6. altec100

    OK, DDS here:



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 15:28:39.66 on 22/01/2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.167 [GMT 0:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avast\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\MGADiag.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
    uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [avast5] "c:\program files\avast\avastUI.exe" /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Notify: igfxcui - igfxsrvc.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2010-11-28 40384]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [2007-2-8 147840]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

    =============== Created Last 30 ================

    2011-01-21 21:04:05 1612 ---ha-w- C:\aaw7boot.cmd
    2011-01-20 19:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 19:39:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 19:39:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 19:35:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-20 19:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-01-20 19:29:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 19:16:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
    2011-01-20 09:07:19 604672 ----a-w- c:\program files\windows media player\trillian.exe

    ==================== Find3M ====================

    2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

    ============= FINISH: 15:29:31.70 ===============



    Attach here:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/11/2010 20:32:50
    System Uptime: 22/01/2011 14:12:49 (1 hours ago)

    Motherboard: Dell Computer Corporation | | 0K3227
    Processor: Intel(R) Celeron(R) CPU 2.60GHz | Microprocessor | 2597/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 15.21 GiB free.
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP42: 02/12/2010 09:40:59 - System Checkpoint
    RP43: 03/12/2010 17:37:36 - System Checkpoint
    RP44: 04/12/2010 18:18:57 - System Checkpoint
    RP45: 05/12/2010 19:32:09 - System Checkpoint
    RP46: 06/12/2010 20:40:28 - System Checkpoint
    RP47: 07/12/2010 21:15:49 - System Checkpoint
    RP48: 08/12/2010 21:18:50 - System Checkpoint
    RP49: 10/12/2010 12:40:21 - System Checkpoint
    RP50: 11/12/2010 16:05:02 - System Checkpoint
    RP51: 13/12/2010 15:31:57 - System Checkpoint
    RP52: 14/12/2010 17:15:08 - System Checkpoint
    RP53: 15/12/2010 17:38:02 - System Checkpoint
    RP54: 16/12/2010 15:54:12 - Installed EPSON TWAIN 5
    RP55: 16/12/2010 15:58:02 - Unsigned driver install
    RP56: 17/12/2010 16:26:44 - System Checkpoint
    RP57: 18/12/2010 17:22:44 - System Checkpoint
    RP58: 19/12/2010 23:50:08 - System Checkpoint
    RP59: 21/12/2010 13:05:03 - System Checkpoint
    RP60: 23/12/2010 10:34:53 - System Checkpoint
    RP61: 24/12/2010 10:49:33 - System Checkpoint
    RP62: 28/12/2010 19:49:22 - System Checkpoint
    RP63: 29/12/2010 22:02:06 - System Checkpoint
    RP64: 31/12/2010 07:16:22 - System Checkpoint
    RP65: 01/01/2011 09:08:16 - System Checkpoint
    RP66: 02/01/2011 09:09:18 - System Checkpoint
    RP67: 03/01/2011 11:08:56 - System Checkpoint
    RP68: 04/01/2011 13:39:01 - System Checkpoint
    RP69: 05/01/2011 14:43:45 - System Checkpoint
    RP70: 06/01/2011 14:54:28 - System Checkpoint
    RP71: 08/01/2011 10:54:10 - System Checkpoint
    RP72: 11/01/2011 19:53:44 - System Checkpoint
    RP73: 13/01/2011 17:12:43 - System Checkpoint
    RP74: 14/01/2011 18:03:13 - System Checkpoint
    RP75: 15/01/2011 19:19:47 - System Checkpoint
    RP76: 16/01/2011 20:03:18 - System Checkpoint
    RP77: 17/01/2011 21:28:03 - System Checkpoint
    RP78: 18/01/2011 21:56:40 - System Checkpoint
    RP79: 20/01/2011 00:15:10 - System Checkpoint
    RP80: 21/01/2011 00:28:42 - System Checkpoint
    RP81: 22/01/2011 15:08:13 - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Reader X
    Advanced Directory Printer
    Ashampoo WinOptimizer 4.35
    avast! Free Antivirus
    Broadcom 440x 10/100 Integrated Controller
    Conexant D480 MDC V.9x Modem
    Dell ResourceCD
    Diskeeper 2009 Pro Premier
    Diskeeper Professional Edition
    DivX Setup
    Echo Indigo
    EPSON SMART PANEL for Scanner
    EPSON TWAIN 5
    Free Download Manager 3.0
    Google Chrome
    Intel(R) Extreme Graphics 2 Driver
    LightScribe 1.4.39.1
    Malwarebytes' Anti-Malware
    MediaMonkey 3.2
    Microsoft Office 97, Professional Edition
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Nero Mega Plugin Pack
    Nero Suite
    NetMeter 1.1.3
    OE Tweaker
    PeerBlock 1.1 (r518)
    QuickSet
    QuickTime Alternative 2.4.0
    RealPlayer
    Samsung ML-1520 Series
    SigmaTel AC97 Audio Drivers
    Spybot - Search & Destroy
    Stay Connected!
    TextBridge Pro 8.0
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    Xiph.Org Open Codecs 0.84.17359

    ==== Event Viewer Messages From Past Week ========

    21/01/2011 22:35:07, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
    21/01/2011 22:03:37, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    21/01/2011 17:49:17, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    20/01/2011 01:26:15, error: Service Control Manager [7034] - The TuneUp Drive Defrag Service service terminated unexpectedly. It has done this 1 time(s).
    18/01/2011 17:45:48, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000F1F2AA369 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    step 1

    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds & then reboot

    post back with its log


    then

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  8. altec100

    altec100 Thread Starter

    Thanks for getting back.. well, I think it's gone! I've waited 24 hours to be sure, and it seems gone.. here are the logs of the TDSS killer, which didn't find anything, and the combofix, which I guess did the trick... I will wait a day more then change post to solved.
    Please check the logs below in case there's still something lurking..
    thanks very much for your assistance.


    TDSSKiller

    2011/01/22 15:50:08.0095 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
    2011/01/22 15:50:08.0095 ================================================================================
    2011/01/22 15:50:08.0095 SystemInfo:
    2011/01/22 15:50:08.0095
    2011/01/22 15:50:08.0095 OS Version: 5.1.2600 ServicePack: 2.0
    2011/01/22 15:50:08.0095 Product type: Workstation
    2011/01/22 15:50:08.0095 ComputerName: DAVID
    2011/01/22 15:50:08.0125 UserName: Owner
    2011/01/22 15:50:08.0125 Windows directory: C:\WINDOWS
    2011/01/22 15:50:08.0125 System windows directory: C:\WINDOWS
    2011/01/22 15:50:08.0125 Processor architecture: Intel x86
    2011/01/22 15:50:08.0125 Number of processors: 1
    2011/01/22 15:50:08.0125 Page size: 0x1000
    2011/01/22 15:50:08.0125 Boot type: Normal boot
    2011/01/22 15:50:08.0125 ================================================================================
    2011/01/22 15:50:08.0546 Initialize success
    2011/01/22 15:50:13.0002 ================================================================================
    2011/01/22 15:50:13.0002 Scan started
    2011/01/22 15:50:13.0002 Mode: Manual;
    2011/01/22 15:50:13.0002 ================================================================================
    2011/01/22 15:50:28.0264 ================================================================================
    2011/01/22 15:50:28.0264 Scan finished
    2011/01/22 15:50:28.0264 ================================================================================

    Combofix

    ComboFix 11-01-21.03 - Owner 22/01/2011 16:07:42.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.313 [GMT 0:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Windows Media Player\1.txt
    c:\program files\Windows Media Player\2.txt

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
    .

    2011-01-22 14:20 . 2011-01-22 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-01-21 21:04 . 2011-01-21 21:04 1612 ---ha-w- C:\aaw7boot.cmd
    2011-01-20 19:39 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 19:39 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 19:39 . 2011-01-20 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 19:35 . 2011-01-21 17:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-20 19:35 . 2011-01-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-01-20 19:29 . 2011-01-20 19:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-20 19:23 . 2011-01-20 19:23 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
    2011-01-20 19:16 . 2011-01-20 19:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
    2011-01-20 19:13 . 2011-01-21 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2011-01-20 09:07 . 2009-03-13 13:13 604672 ----a-w- c:\program files\Windows Media Player\trillian.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-11-28 13:51 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-13 08:47 . 2010-11-28 13:51 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2010-11-28 13:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-11-28 13:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:40 . 2010-11-28 13:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-01-13 08:39 . 2010-11-28 13:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-01-13 08:37 . 2010-11-28 13:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-11-28 13:52 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-01-13 08:37 . 2010-11-28 13:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
    "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-19 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-25 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-25 118784]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-03-04 487424]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "avast5"="c:\program files\Avast\avastUI.exe" [2011-01-13 3396624]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-11-30 180269]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
    backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    2005-07-26 17:52 184408 ----a-w- c:\program files\Executive Software\Diskeeper\DkIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-11-19 20:20 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 01:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SigmaTel StacMon"=c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/11/2010 13:52 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/11/2010 13:52 17744]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
    R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [08/02/2007 17:52 147840]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *Deregistered* - klmd25

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-22 c:\windows\Tasks\Automatic troubleshooting.job
    - c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-436374069-1708537768-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 20:20]

    2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-436374069-1708537768-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 20:20]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-22 16:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2011-01-22 16:18:31
    ComboFix-quarantined-files.txt 2011-01-22 16:18

    Pre-Run: 16,905,404,416 bytes free
    Post-Run: 16,919,961,600 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 92B5C76C96E800557C9723401CC17B18

    thanks again.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/software_inspector/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.
     

Short URL to this thread: https://techguy.org/976113
