Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Browser hi-Jack! Please help!

2K views 8 replies 2 participants last post by  dvk01 
#1 ·
Hallo there..
I have what I think is a browser hi-jack, in that an internet explorer browser page comes and goes
advertising various dubious web tools and services.. Ive tried to blast it with spybot and Malwarebytes' Anti-Malware - with latest updates, but its still here. I hope someone can assist..

Thanks in advance

Im posting HijackThis, DDS and GMER and attaching attach file

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:29:55, on 21/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avast\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4636 bytes

DDS

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 21:58:08.88 on 21/01/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.117 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avast\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] "c:\program files\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2010-11-28 40384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [2007-2-8 147840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

=============== Created Last 30 ================

2011-01-21 21:04:05 1612 ---ha-w- C:\aaw7boot.cmd
2011-01-20 19:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 19:39:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 19:39:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:35:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-20 19:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-20 19:29:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 19:16:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-01-20 09:07:19 604672 ----a-w- c:\program files\windows media player\trillian.exe
2010-12-23 13:18:44 -------- d-----w- c:\program files\Ashampoo

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 21:58:59.63 ===============

GMER - ark

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-21 23:15:04
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHT2040AH rev.006C
Running: cw2hubq3.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEFBD1728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEFBD87EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEFBD86A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEFBD8CA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEFBD8BBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEFBD8276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEFBD17D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEFBD877E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEFBD81B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEFBD8218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEFBD1870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEFBD88C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEFBD8D76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEFBD8880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEFBD8A04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEFBE582E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEFBE5652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEFBE578C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + B3 804E2D84 4 Bytes JMP A7EFBD87
PAGE ntoskrnl.exe!ObInsertObject 805648A3 5 Bytes JMP EFBE2C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 80564B1B 7 Bytes JMP EFBE5656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805885D3 7 Bytes JMP EFBE5832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A2BF9 5 Bytes JMP EFBE11EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A6B26 7 Bytes JMP EFBE5790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe[116] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Avast\AvastSvc.exe[348] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[356] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[528] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[956] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[1256] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[1268] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1440] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Dell\QuickSet\quickset.exe[1448] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\hkcmd.exe[1468] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1532] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1584] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1608] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] advapi32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\NetMeter\NetMeter.exe[1616] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1632] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1696] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Executive Software\Diskeeper\DkService.exe[1784] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1880] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[1916] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe[2216] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Documents and Settings\Owner\My Documents\Downloads\Hi-jack Helping Tools\cw2hubq3.exe[2328] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2460] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3312] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3400] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWinEventHook 77D6E3D3 4 Bytes JMP 64D0B720 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWindowsHookExW 77D6E621 4 Bytes JMP 64D0BB30 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3908] USER32.dll!SetWindowsHookExA 77D702B2 4 Bytes JMP 64D0B9B0 C:\Program Files\Avast\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

plus attach attached..
 

Attachments

See less See more
#3 ·
why are you still using SP2 when you should be on SP3 by now

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
 
#4 ·
thanks for getting back..heres the MGA report

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {16523C3C-6C64-49FD-811B-D5FC00AE2B2E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{16523C3C-6C64-49FD-811B-D5FC00AE2B2E}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-527237240-436374069-1708537768</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Inspiron 1150 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20040820000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>04263C07018400D2</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: A000:Dell Inc|A000:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
 
#6 ·
ok DDS here:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 15:28:39.66 on 22/01/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.167 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avast\avastUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\MGADiag.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast5] "c:\program files\avast\avastUI.exe" /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-28 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2010-11-28 40384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [2007-2-8 147840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

=============== Created Last 30 ================

2011-01-21 21:04:05 1612 ---ha-w- C:\aaw7boot.cmd
2011-01-20 19:39:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 19:39:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 19:39:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:35:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-20 19:35:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-20 19:29:44 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 19:16:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Sunbelt Software
2011-01-20 09:07:19 604672 ----a-w- c:\program files\windows media player\trillian.exe

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 15:29:31.70 ===============

Attach here:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 18/11/2010 20:32:50
System Uptime: 22/01/2011 14:12:49 (1 hours ago)

Motherboard: Dell Computer Corporation | | 0K3227
Processor: Intel(R) Celeron(R) CPU 2.60GHz | Microprocessor | 2597/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 15.21 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP42: 02/12/2010 09:40:59 - System Checkpoint
RP43: 03/12/2010 17:37:36 - System Checkpoint
RP44: 04/12/2010 18:18:57 - System Checkpoint
RP45: 05/12/2010 19:32:09 - System Checkpoint
RP46: 06/12/2010 20:40:28 - System Checkpoint
RP47: 07/12/2010 21:15:49 - System Checkpoint
RP48: 08/12/2010 21:18:50 - System Checkpoint
RP49: 10/12/2010 12:40:21 - System Checkpoint
RP50: 11/12/2010 16:05:02 - System Checkpoint
RP51: 13/12/2010 15:31:57 - System Checkpoint
RP52: 14/12/2010 17:15:08 - System Checkpoint
RP53: 15/12/2010 17:38:02 - System Checkpoint
RP54: 16/12/2010 15:54:12 - Installed EPSON TWAIN 5
RP55: 16/12/2010 15:58:02 - Unsigned driver install
RP56: 17/12/2010 16:26:44 - System Checkpoint
RP57: 18/12/2010 17:22:44 - System Checkpoint
RP58: 19/12/2010 23:50:08 - System Checkpoint
RP59: 21/12/2010 13:05:03 - System Checkpoint
RP60: 23/12/2010 10:34:53 - System Checkpoint
RP61: 24/12/2010 10:49:33 - System Checkpoint
RP62: 28/12/2010 19:49:22 - System Checkpoint
RP63: 29/12/2010 22:02:06 - System Checkpoint
RP64: 31/12/2010 07:16:22 - System Checkpoint
RP65: 01/01/2011 09:08:16 - System Checkpoint
RP66: 02/01/2011 09:09:18 - System Checkpoint
RP67: 03/01/2011 11:08:56 - System Checkpoint
RP68: 04/01/2011 13:39:01 - System Checkpoint
RP69: 05/01/2011 14:43:45 - System Checkpoint
RP70: 06/01/2011 14:54:28 - System Checkpoint
RP71: 08/01/2011 10:54:10 - System Checkpoint
RP72: 11/01/2011 19:53:44 - System Checkpoint
RP73: 13/01/2011 17:12:43 - System Checkpoint
RP74: 14/01/2011 18:03:13 - System Checkpoint
RP75: 15/01/2011 19:19:47 - System Checkpoint
RP76: 16/01/2011 20:03:18 - System Checkpoint
RP77: 17/01/2011 21:28:03 - System Checkpoint
RP78: 18/01/2011 21:56:40 - System Checkpoint
RP79: 20/01/2011 00:15:10 - System Checkpoint
RP80: 21/01/2011 00:28:42 - System Checkpoint
RP81: 22/01/2011 15:08:13 - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Reader X
Advanced Directory Printer
Ashampoo WinOptimizer 4.35
avast! Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Conexant D480 MDC V.9x Modem
Dell ResourceCD
Diskeeper 2009 Pro Premier
Diskeeper Professional Edition
DivX Setup
Echo Indigo
EPSON SMART PANEL for Scanner
EPSON TWAIN 5
Free Download Manager 3.0
Google Chrome
Intel(R) Extreme Graphics 2 Driver
LightScribe 1.4.39.1
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Nero Mega Plugin Pack
Nero Suite
NetMeter 1.1.3
OE Tweaker
PeerBlock 1.1 (r518)
QuickSet
QuickTime Alternative 2.4.0
RealPlayer
Samsung ML-1520 Series
SigmaTel AC97 Audio Drivers
Spybot - Search & Destroy
Stay Connected!
TextBridge Pro 8.0
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Installer 3.1 (KB893803)
WinRAR archiver
Xiph.Org Open Codecs 0.84.17359

==== Event Viewer Messages From Past Week ========

21/01/2011 22:35:07, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
21/01/2011 22:03:37, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
21/01/2011 17:49:17, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
20/01/2011 01:26:15, error: Service Control Manager [7034] - The TuneUp Drive Defrag Service service terminated unexpectedly. It has done this 1 time(s).
18/01/2011 17:45:48, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 000F1F2AA369 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
 
#7 ·
step 1

Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

let it cure anything it fnds & then reboot

post back with its log

then

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Hereto your Desktop.
As you download it rename it to username123.exe

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.​
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues
 
#8 ·
Thanks for getting back..well I think its gone!.. ive waited 24 hours to be sure.and it seems gone..here's the logs of the TDSS killer ,which didn't find anything and the combofix which i guess did the trick...i will wait a day more then change post to solved.
Please check the logs below in case there's still something lurking..
thanks very much for your assistance.

TDSSKiller

2011/01/22 15:50:08.0095 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/22 15:50:08.0095 ================================================================================
2011/01/22 15:50:08.0095 SystemInfo:
2011/01/22 15:50:08.0095
2011/01/22 15:50:08.0095 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/22 15:50:08.0095 Product type: Workstation
2011/01/22 15:50:08.0095 ComputerName: DAVID
2011/01/22 15:50:08.0125 UserName: Owner
2011/01/22 15:50:08.0125 Windows directory: C:\WINDOWS
2011/01/22 15:50:08.0125 System windows directory: C:\WINDOWS
2011/01/22 15:50:08.0125 Processor architecture: Intel x86
2011/01/22 15:50:08.0125 Number of processors: 1
2011/01/22 15:50:08.0125 Page size: 0x1000
2011/01/22 15:50:08.0125 Boot type: Normal boot
2011/01/22 15:50:08.0125 ================================================================================
2011/01/22 15:50:08.0546 Initialize success
2011/01/22 15:50:13.0002 ================================================================================
2011/01/22 15:50:13.0002 Scan started
2011/01/22 15:50:13.0002 Mode: Manual;
2011/01/22 15:50:13.0002 ================================================================================
2011/01/22 15:50:14.0885 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/22 15:50:15.0145 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/22 15:50:15.0245 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/22 15:50:15.0365 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/22 15:50:15.0466 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/01/22 15:50:15.0996 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/22 15:50:16.0076 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/22 15:50:16.0117 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/22 15:50:16.0207 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/22 15:50:16.0297 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/22 15:50:16.0367 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/22 15:50:16.0447 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/22 15:50:16.0577 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/22 15:50:16.0647 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/22 15:50:16.0757 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/01/22 15:50:16.0888 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/22 15:50:16.0998 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/22 15:50:17.0118 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/22 15:50:17.0198 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/22 15:50:17.0278 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/22 15:50:17.0368 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/22 15:50:17.0428 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/22 15:50:17.0679 DgiVecp (1ec27a51a2f9df052bc2b4c8376c8fea) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2011/01/22 15:50:17.0749 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/22 15:50:17.0879 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/22 15:50:17.0979 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/22 15:50:18.0069 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/22 15:50:18.0149 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/22 15:50:18.0270 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/22 15:50:18.0330 EchoIndigoDJ (def9c66faecc4e6d50ae1cc3db2e2ea6) C:\WINDOWS\system32\drivers\echondgo.sys
2011/01/22 15:50:18.0450 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/22 15:50:18.0510 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/22 15:50:18.0570 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/22 15:50:18.0630 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/22 15:50:18.0740 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/22 15:50:18.0810 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/22 15:50:18.0911 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/22 15:50:18.0981 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/22 15:50:19.0101 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/22 15:50:19.0221 HSFHWICH (c2a7d9109b7f10a455d13b2432837b16) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/01/22 15:50:19.0331 HSF_DP (9a0d0c461ef2b3d80cb7875b4b995e47) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/01/22 15:50:19.0491 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/22 15:50:19.0702 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/22 15:50:19.0822 ialm (43d989987efa0056ad04e1d8996c5567) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/22 15:50:19.0952 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/22 15:50:20.0092 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/22 15:50:20.0142 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/22 15:50:20.0192 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/22 15:50:20.0293 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/22 15:50:20.0373 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/22 15:50:20.0453 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/22 15:50:20.0513 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/22 15:50:20.0603 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/22 15:50:20.0653 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/22 15:50:20.0703 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/22 15:50:20.0773 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/22 15:50:20.0883 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/22 15:50:21.0044 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/22 15:50:21.0124 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/22 15:50:21.0204 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/22 15:50:21.0274 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/22 15:50:21.0354 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/22 15:50:21.0404 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/22 15:50:21.0514 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/22 15:50:21.0614 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/22 15:50:21.0765 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/22 15:50:21.0845 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/22 15:50:21.0885 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/22 15:50:21.0945 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/22 15:50:22.0015 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/22 15:50:22.0065 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/22 15:50:22.0135 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/22 15:50:22.0225 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/22 15:50:22.0275 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/22 15:50:22.0325 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/22 15:50:22.0376 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/22 15:50:22.0416 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/22 15:50:22.0486 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/22 15:50:22.0586 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/22 15:50:22.0686 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/22 15:50:22.0846 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/22 15:50:22.0946 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/22 15:50:22.0986 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/22 15:50:23.0057 OMCI (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/01/22 15:50:23.0127 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/22 15:50:23.0187 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/22 15:50:23.0277 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/22 15:50:23.0387 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/22 15:50:23.0477 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/22 15:50:23.0557 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/22 15:50:23.0878 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/22 15:50:23.0938 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/22 15:50:24.0028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/22 15:50:24.0318 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/22 15:50:24.0418 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/22 15:50:24.0489 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/22 15:50:24.0539 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/22 15:50:24.0609 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/22 15:50:24.0669 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/22 15:50:24.0759 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/22 15:50:24.0819 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/22 15:50:24.0939 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/22 15:50:25.0029 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/22 15:50:25.0069 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/22 15:50:25.0210 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/22 15:50:25.0330 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/22 15:50:25.0510 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/22 15:50:25.0610 STAC97 (b3034de9020cde2c46f653d972446bf2) C:\WINDOWS\system32\drivers\stac97.sys
2011/01/22 15:50:25.0720 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/22 15:50:25.0770 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/22 15:50:25.0961 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/22 15:50:26.0051 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/22 15:50:26.0141 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/22 15:50:26.0191 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/22 15:50:26.0271 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/22 15:50:26.0491 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
2011/01/22 15:50:26.0602 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/22 15:50:26.0712 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/22 15:50:26.0802 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/22 15:50:26.0862 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/22 15:50:26.0922 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/22 15:50:26.0992 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/22 15:50:27.0052 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/22 15:50:27.0132 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/22 15:50:27.0273 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/22 15:50:27.0423 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/22 15:50:27.0543 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/22 15:50:27.0663 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/22 15:50:27.0773 winachsf (ce545a84bf3411e7516fa8da51ad9d93) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/22 15:50:28.0264 ================================================================================
2011/01/22 15:50:28.0264 Scan finished
2011/01/22 15:50:28.0264 ================================================================================

Combofix

ComboFix 11-01-21.03 - Owner 22/01/2011 16:07:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.313 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Windows Media Player\1.txt
c:\program files\Windows Media Player\2.txt

.
((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-22 14:20 . 2011-01-22 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-01-21 21:04 . 2011-01-21 21:04 1612 ---ha-w- C:\aaw7boot.cmd
2011-01-20 19:39 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-20 19:39 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-20 19:39 . 2011-01-20 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-20 19:35 . 2011-01-21 17:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-20 19:35 . 2011-01-21 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-20 19:29 . 2011-01-20 19:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-20 19:23 . 2011-01-20 19:23 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2011-01-20 19:16 . 2011-01-20 19:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2011-01-20 19:13 . 2011-01-21 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-01-20 09:07 . 2009-03-13 13:13 604672 ----a-w- c:\program files\Windows Media Player\trillian.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-11-28 13:51 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-11-28 13:51 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-11-28 13:52 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-11-28 13:52 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-11-28 13:52 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-11-28 13:52 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-11-28 13:52 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-11-28 13:52 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-11-28 13:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-19 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-25 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-03-04 487424]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"avast5"="c:\program files\Avast\avastUI.exe" [2011-01-13 3396624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-11-30 180269]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-07-26 17:52 184408 ----a-w- c:\program files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-11-19 20:20 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 01:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SigmaTel StacMon"=c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/11/2010 13:52 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/11/2010 13:52 17744]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30/10/2009 15:05 1021256]
R3 EchoIndigoDJ;Echo Indigo dj Service;c:\windows\system32\drivers\echondgo.sys [08/02/2007 17:52 147840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2011-01-22 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 15:12]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-436374069-1708537768-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 20:20]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-436374069-1708537768-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 20:20]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 16:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-22 16:18:31
ComboFix-quarantined-files.txt 2011-01-22 16:18

Pre-Run: 16,905,404,416 bytes free
Post-Run: 16,919,961,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 92B5C76C96E800557C9723401CC17B18

thanks again.
 
#9 ·
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top