firefox being hijacked/redirects

Discussion in 'Virus & Other Malware Removal' started by cordelia0704, Jan 29, 2011.

  1. cordelia0704

    cordelia0704 Thread Starter

    Joined: Jan 28, 2011
    Messages: 17
    I noticed earlier today that my computer was popping up new tabs with ads that shouldn't be there, and redirecting me to strange ad/search pages all over the internet.
    I ran the following programs:
    CCleaner
    Malwarebytes
    Spybot Search and Destroy
    Avast Antivirus
    All of those programs are up to date and they all came up clean.

    So I went through your forums and these are my logs. I'm hoping someone can help me fix this problem.
    I honestly hate not being able to fix these things myself
    Thanks for any help you can provide


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:49:12 PM, on 1/28/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Cordelia\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: acaptuser32.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

    --
    End of file - 9361 bytes


    DS (Ver_10-12-12.02) - NTFSx86
    Run by Cordelia at 23:59:09.48 on Fri 01/28/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.794 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Cordelia\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
    mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\cordelia\appdata\roaming\mozilla\firefox\profiles\ictbtojd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
    FF - plugin: c:\users\cordelia\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-3 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-3 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-16 1153368]
    R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2010-9-29 206120]
    R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2010-9-29 185640]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-11-25 81296]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2010-9-20 15896]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-29 04:00:39 388096 ----a-r- c:\users\cordelia\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-29 04:00:39 -------- d-----w- c:\program files\Trend Micro
    2011-01-29 03:39:36 98816 ----a-w- c:\windows\sed.exe
    2011-01-29 03:39:36 89088 ----a-w- c:\windows\MBR.exe
    2011-01-29 03:39:36 256512 ----a-w- c:\windows\PEV.exe
    2011-01-29 03:39:36 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-29 03:39:33 -------- d-s---w- C:\ComboFix
    2011-01-28 19:30:31 -------- d-----w- c:\users\cordelia\appdata\roaming\Malwarebytes
    2011-01-28 19:30:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-28 19:30:20 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-28 19:30:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-28 19:30:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-28 06:38:40 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5d37978b-6743-4dde-b862-5d6f5523ccff}\mpengine.dll
    2011-01-23 23:08:31 306688 ----a-w- c:\windows\IsUninst.exe
    2011-01-21 06:44:22 -------- d-----w- c:\progra~2\.cookn
    2011-01-21 06:38:12 -------- d-----w- c:\program files\Cook'n9
    2011-01-18 13:47:44 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-18 13:47:43 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-18 13:47:43 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-18 13:47:43 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-18 13:47:43 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-18 13:47:43 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-18 13:47:41 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-30 05:44:50 -------- d-----w- c:\users\cordelia\appdata\local\Emerald Editor Community
    2010-12-30 05:44:17 -------- d-----w- c:\program files\Emerald Editor Community

    ==================== Find3M ====================

    2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-25 06:06:15 0 ----a-w- c:\windows\BETTY.REG
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: WDC_WD16 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x870C5735]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x870cb990]; MOV EAX, [0x870cba0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82A4C962] -> \Device\Harddisk0\DR0[0x86B30AC8]
    3 CLASSPNP[0x889AB8B3] -> ntkrnlpa!IofCallDriver[0x82A4C962] -> [0x8500C358]
    5 acpi[0x806996BC] -> ntkrnlpa!IofCallDriver[0x82A4C962] -> [0x859AA028]
    \Driver\iaStor[0x870AE9C8] -> IRP_MJ_CREATE -> 0x870C5735
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#4&dc9b4ff&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 0:00:21.11 ===============

    This is the quick scan from GMER. I wasn't sure from the directions if you wanted the quick scan
    or the full scan; if you need the full scan, let me know. I have that as well, it's just very, very long.
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-29 00:02:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.11.0
    Running: ij57hl1o.exe; Driver: C:\Users\Cordelia\AppData\Local\Temp\kxtdikob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DE8582E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DE85652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DE8578C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#4&dc9b4ff&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     


  2. cordelia0704

    I should probably also mention that I attempted to run ComboFix 3 times (I have used this program before and never had a problem with it, on this very computer) and it crashed my system all 3 times. I got a blue screen that I wasn't able to read fast enough before it shut down my system and restarted it. I'm assuming this has something to do with whatever virus I've managed to get on my computer.

    ----
    Longer ark scan file just in case:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-29 00:24:11
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.11.0
    Running: ij57hl1o.exe; Driver: C:\Users\Cordelia\AppData\Local\Temp\kxtdikob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DE8582E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DE85652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DE8578C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 82B73DF0 7 Bytes JMP 8DE85790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82BDF28F 5 Bytes JMP 8DE811EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82C38063 5 Bytes JMP 8DE82C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82C39905 7 Bytes JMP 8DE85656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82C9990A 7 Bytes JMP 8DE85832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? C:\Users\Cordelia\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\spoolsv.exe[300] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\spoolsv.exe[300] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[360] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[564] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\wininit.exe[732] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\services.exe[776] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsass.exe[804] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\lsm.exe[812] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\winlogon.exe[840] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1076] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1116] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1164] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1208] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[1280] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 77074D34 5 Bytes JMP 00B2000A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 77075674 5 Bytes JMP 00B3000A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!KiUserExceptionDispatcher 77075DC8 5 Bytes JMP 00B1000A
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] ole32.dll!CoCreateInstance 75DE9F3E 5 Bytes JMP 00D0000A
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!GetCursorPos 75C50B88 5 Bytes JMP 0147000A
    .text C:\Windows\system32\agrsmsvc.exe[1344] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\agrsmsvc.exe[1344] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1448] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1528] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1604] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1680] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\svchost.exe[1724] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1804] kernel32.dll!SetUnhandledExceptionFilter 7585A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2216] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2864] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2864] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2864] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnscfg.exe[2864] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[2876] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ntdll.dll!NtProtectVirtualMemory 77074D34 5 Bytes JMP 00E0000A
    .text C:\Windows\Explorer.EXE[2904] ntdll.dll!NtWriteVirtualMemory 77075674 5 Bytes JMP 022D000A
    .text C:\Windows\Explorer.EXE[2904] ntdll.dll!KiUserExceptionDispatcher 77075DC8 5 Bytes JMP 00BF000A
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\Explorer.EXE[2904] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\SearchIndexer.exe[2948] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2992] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3056] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\RtHDVCpl.exe[3672] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[3688] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\igfxpers.exe[3696] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Verizon\McciTrayApp.exe[3720] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\VERIZONDM\bin\sprtcmd.exe[3728] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\igfxsrvc.exe[3820] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[3884] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe[4080] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ntdll.dll!NtProtectVirtualMemory 77074D34 5 Bytes JMP 00B3000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ntdll.dll!NtWriteVirtualMemory 77075674 5 Bytes JMP 00B4000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ntdll.dll!KiUserExceptionDispatcher 77075DC8 5 Bytes JMP 00B2000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4124] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4360] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Users\Cordelia\Desktop\ij57hl1o.exe[4876] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5020] USER32.dll!TrackPopupMenu 75C514F3 5 Bytes JMP 66992342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Windows\System32\svchost.exe[5408] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\System32\svchost.exe[5408] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ntdll.dll!LdrLoadDll 77039390 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ntdll.dll!LdrUnloadDll 7704BA50 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!CreateServiceW 75BA9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!DeleteService 75BAA07E 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!SetServiceObjectSecurity 75BE6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!ChangeServiceConfigA 75BE6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!ChangeServiceConfigW 75BE6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!ChangeServiceConfig2A 75BE7099 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!ChangeServiceConfig2W 75BE71E1 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] ADVAPI32.dll!CreateServiceA 75BE72A1 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] USER32.dll!SetWindowsHookExA 75C36322 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] USER32.dll!SetWindowsHookExW 75C387AD 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] USER32.dll!UnhookWindowsHookEx 75C398DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] USER32.dll!SetWinEventHook 75C39F3A 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Windows\system32\notepad.exe[5688] USER32.dll!UnhookWinEvent 75C3C06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#4&dc9b4ff&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
     
  3. cordelia0704

    cordelia0704 Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    17
    And now I can hear audio ads even when Firefox is closed.
    This is completely crazy to me, it makes no sense at all.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya cordelia0704,

    Proceed as follows :-

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.



    • If an infected file is detected, the default action will be Cure, click on Continue.



    • If a suspicious file is detected, the default action will be Skip, click on Continue.



    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Post log in next reply,

    Kevin
     
  5. cordelia0704

    cordelia0704 Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    17
    2011/01/29 02:01:59.0576 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/29 02:01:59.0576 ================================================================================
    2011/01/29 02:01:59.0576 SystemInfo:
    2011/01/29 02:01:59.0576
    2011/01/29 02:01:59.0576 OS Version: 6.0.6002 ServicePack: 2.0
    2011/01/29 02:01:59.0576 Product type: Workstation
    2011/01/29 02:01:59.0576 ComputerName: CORDELIASPC
    2011/01/29 02:01:59.0576 UserName: Cordelia
    2011/01/29 02:01:59.0576 Windows directory: C:\Windows
    2011/01/29 02:01:59.0576 System windows directory: C:\Windows
    2011/01/29 02:01:59.0576 Processor architecture: Intel x86
    2011/01/29 02:01:59.0576 Number of processors: 2
    2011/01/29 02:01:59.0576 Page size: 0x1000
    2011/01/29 02:01:59.0576 Boot type: Normal boot
    2011/01/29 02:01:59.0576 ================================================================================
    2011/01/29 02:02:00.0496 Initialize success
    2011/01/29 02:02:43.0431 ================================================================================
    2011/01/29 02:02:43.0432 Scan started
    2011/01/29 02:02:43.0432 Mode: Manual;
    2011/01/29 02:02:43.0432 ================================================================================
    2011/01/29 02:02:45.0651 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/01/29 02:02:45.0834 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    2011/01/29 02:02:45.0966 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    2011/01/29 02:02:46.0015 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    2011/01/29 02:02:46.0061 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    2011/01/29 02:02:46.0215 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/01/29 02:02:46.0401 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/01/29 02:02:46.0578 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    2011/01/29 02:02:46.0673 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/01/29 02:02:46.0787 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    2011/01/29 02:02:46.0955 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    2011/01/29 02:02:47.0051 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    2011/01/29 02:02:47.0201 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    2011/01/29 02:02:47.0274 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    2011/01/29 02:02:47.0413 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    2011/01/29 02:02:47.0518 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    2011/01/29 02:02:47.0720 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/01/29 02:02:47.0920 aswMonFlt (317f85fb68a3be507e9ccede5e6d9ee0) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/01/29 02:02:48.0112 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\Windows\system32\drivers\aswRdr.sys
    2011/01/29 02:02:48.0364 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\Windows\system32\drivers\aswSP.sys
    2011/01/29 02:02:48.0563 aswTdi (1408421505257846eb336feeef33352d) C:\Windows\system32\drivers\aswTdi.sys
    2011/01/29 02:02:48.0749 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/01/29 02:02:48.0889 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/01/29 02:02:49.0138 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
    2011/01/29 02:02:49.0364 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/01/29 02:02:49.0528 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/01/29 02:02:49.0792 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    2011/01/29 02:02:49.0933 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/01/29 02:02:50.0160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/01/29 02:02:50.0230 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/01/29 02:02:50.0362 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/01/29 02:02:50.0630 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/01/29 02:02:50.0786 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/01/29 02:02:50.0863 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/01/29 02:02:51.0019 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/01/29 02:02:51.0170 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/01/29 02:02:51.0329 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/01/29 02:02:51.0624 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    2011/01/29 02:02:51.0730 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/01/29 02:02:51.0902 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/01/29 02:02:52.0060 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    2011/01/29 02:02:52.0212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/01/29 02:02:52.0324 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    2011/01/29 02:02:52.0451 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    2011/01/29 02:02:52.0650 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/01/29 02:02:52.0833 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/01/29 02:02:53.0122 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    2011/01/29 02:02:53.0633 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2011/01/29 02:02:53.0767 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    2011/01/29 02:02:53.0969 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/01/29 02:02:54.0748 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/01/29 02:02:54.0929 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/01/29 02:02:55.0138 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/01/29 02:02:55.0593 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/01/29 02:02:55.0758 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    2011/01/29 02:02:56.0237 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    2011/01/29 02:02:56.0765 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/01/29 02:02:57.0440 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/01/29 02:02:57.0624 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/01/29 02:02:57.0742 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/01/29 02:02:58.0049 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/01/29 02:02:58.0411 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/01/29 02:02:58.0623 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/01/29 02:02:58.0764 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/01/29 02:02:59.0435 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/01/29 02:02:59.0701 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/29 02:02:59.0883 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/01/29 02:03:00.0054 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/01/29 02:03:00.0402 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/01/29 02:03:00.0622 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/01/29 02:03:00.0832 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/01/29 02:03:00.0959 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    2011/01/29 02:03:01.0333 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/01/29 02:03:01.0548 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    2011/01/29 02:03:01.0705 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/01/29 02:03:01.0940 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/01/29 02:03:02.0091 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    2011/01/29 02:03:02.0361 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/01/29 02:03:02.0751 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/01/29 02:03:02.0964 INIDVD (8aeb8e0e8273b3ee181ea9ac5729cba6) C:\Windows\system32\DRIVERS\inidvd.sys
    2011/01/29 02:03:03.0157 IntcAzAudAddService (3cfa12fefea751dae7b8133a6ef3c0d9) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/01/29 02:03:03.0297 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/01/29 02:03:03.0638 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/01/29 02:03:03.0809 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/29 02:03:04.0720 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    2011/01/29 02:03:04.0948 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/01/29 02:03:05.0094 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/01/29 02:03:05.0628 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    2011/01/29 02:03:05.0814 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/01/29 02:03:05.0951 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/01/29 02:03:06.0196 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/01/29 02:03:06.0355 JMCR (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys
    2011/01/29 02:03:06.0493 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/01/29 02:03:06.0653 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/01/29 02:03:07.0182 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/01/29 02:03:07.0355 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/01/29 02:03:07.0558 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    2011/01/29 02:03:07.0748 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    2011/01/29 02:03:07.0916 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/01/29 02:03:08.0313 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/01/29 02:03:08.0462 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    2011/01/29 02:03:08.0647 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    2011/01/29 02:03:08.0814 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/01/29 02:03:09.0070 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/01/29 02:03:09.0246 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/01/29 02:03:09.0408 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/01/29 02:03:09.0543 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/01/29 02:03:09.0805 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    2011/01/29 02:03:09.0962 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/01/29 02:03:10.0117 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/01/29 02:03:10.0304 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    2011/01/29 02:03:10.0732 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    2011/01/29 02:03:10.0864 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/01/29 02:03:11.0009 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/01/29 02:03:11.0309 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/29 02:03:11.0567 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/29 02:03:11.0854 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    2011/01/29 02:03:12.0018 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    2011/01/29 02:03:12.0225 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/01/29 02:03:12.0410 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/01/29 02:03:12.0624 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/01/29 02:03:12.0800 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/01/29 02:03:12.0997 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/01/29 02:03:13.0161 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/01/29 02:03:13.0376 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/01/29 02:03:13.0548 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/01/29 02:03:13.0749 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/01/29 02:03:13.0959 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/01/29 02:03:14.0267 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/01/29 02:03:14.0458 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/01/29 02:03:14.0677 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/01/29 02:03:14.0857 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/01/29 02:03:15.0104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/01/29 02:03:15.0270 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/01/29 02:03:15.0438 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/01/29 02:03:15.0637 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/01/29 02:03:15.0828 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/01/29 02:03:15.0942 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/01/29 02:03:16.0135 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/01/29 02:03:16.0412 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
    2011/01/29 02:03:16.0613 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/01/29 02:03:16.0822 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2011/01/29 02:03:17.0007 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/01/29 02:03:17.0182 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    2011/01/29 02:03:17.0361 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    2011/01/29 02:03:17.0751 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    2011/01/29 02:03:18.0318 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/01/29 02:03:18.0724 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/01/29 02:03:18.0949 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/01/29 02:03:19.0171 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/01/29 02:03:19.0390 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/01/29 02:03:19.0562 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    2011/01/29 02:03:19.0961 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    2011/01/29 02:03:20.0215 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
    2011/01/29 02:03:20.0431 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/01/29 02:03:20.0782 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/01/29 02:03:21.0028 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    2011/01/29 02:03:21.0421 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/01/29 02:03:21.0643 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    2011/01/29 02:03:21.0851 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/01/29 02:03:22.0029 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/01/29 02:03:22.0212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/01/29 02:03:22.0362 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/01/29 02:03:22.0509 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/01/29 02:03:22.0733 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/01/29 02:03:22.0975 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/01/29 02:03:23.0222 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/01/29 02:03:23.0541 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    2011/01/29 02:03:23.0708 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/01/29 02:03:23.0962 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/01/29 02:03:24.0149 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
    2011/01/29 02:03:24.0360 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    2011/01/29 02:03:24.0631 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    2011/01/29 02:03:24.0798 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/01/29 02:03:25.0198 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/01/29 02:03:25.0401 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/01/29 02:03:25.0571 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/01/29 02:03:25.0757 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/01/29 02:03:26.0003 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/01/29 02:03:26.0170 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/01/29 02:03:26.0404 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    2011/01/29 02:03:26.0626 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/01/29 02:03:26.0782 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    2011/01/29 02:03:26.0982 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/01/29 02:03:27.0228 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    2011/01/29 02:03:27.0429 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    2011/01/29 02:03:27.0652 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    2011/01/29 02:03:27.0935 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/01/29 02:03:28.0131 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/01/29 02:03:28.0476 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
    2011/01/29 02:03:28.0723 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
    2011/01/29 02:03:28.0972 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/01/29 02:03:29.0326 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/01/29 02:03:29.0523 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/01/29 02:03:29.0713 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/01/29 02:03:29.0891 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/01/29 02:03:30.0160 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/01/29 02:03:30.0660 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
    2011/01/29 02:03:30.0927 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/01/29 02:03:31.0095 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/01/29 02:03:31.0279 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/01/29 02:03:31.0435 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/01/29 02:03:31.0729 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/01/29 02:03:31.0869 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/01/29 02:03:32.0071 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/01/29 02:03:32.0285 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/01/29 02:03:32.0696 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/01/29 02:03:33.0106 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    2011/01/29 02:03:33.0275 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/01/29 02:03:33.0579 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    2011/01/29 02:03:33.0860 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    2011/01/29 02:03:34.0074 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/01/29 02:03:34.0231 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/01/29 02:03:34.0451 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/01/29 02:03:34.0640 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys
    2011/01/29 02:03:34.0971 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/01/29 02:03:35.0171 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/01/29 02:03:35.0321 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/01/29 02:03:35.0490 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/01/29 02:03:35.0663 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/01/29 02:03:35.0879 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/01/29 02:03:36.0098 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/01/29 02:03:36.0248 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/29 02:03:36.0971 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/01/29 02:03:37.0674 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    2011/01/29 02:03:38.0302 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    2011/01/29 02:03:38.0788 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/01/29 02:03:39.0259 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/01/29 02:03:39.0663 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/01/29 02:03:39.0975 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/01/29 02:03:40.0320 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/01/29 02:03:41.0384 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/01/29 02:03:41.0879 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/01/29 02:03:42.0158 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/01/29 02:03:42.0313 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/01/29 02:03:42.0501 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/01/29 02:03:42.0699 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/29 02:03:42.0977 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/29 02:03:43.0248 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/01/29 02:03:43.0440 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/01/29 02:03:43.0714 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/01/29 02:03:43.0967 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/01/29 02:03:44.0136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/01/29 02:03:44.0429 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/01/29 02:03:44.0495 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/29 02:03:44.0501 ================================================================================
    2011/01/29 02:03:44.0501 Scan finished
    2011/01/29 02:03:44.0501 ================================================================================
    2011/01/29 02:03:44.0518 Detected object count: 1
    2011/01/29 02:03:51.0757 \HardDisk0 - will be cured after reboot
    2011/01/29 02:03:51.0758 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/29 02:04:16.0053 Deinitialize success
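
Added example, not part of the original thread and not Kaspersky's code: a small Python triage script for a TDSSKiller log like the one in this post, which matches each detected object to the action the user selected and reports whether the cure is still waiting on a reboot. The line patterns are assumptions inferred only from the log lines shown here, and the names `parse_log`, `status` and `findings` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the TDSSKiller 2.4.15.0 log posted above; driver list cut to two entries.
SAMPLE_LOG = r"""
2011/01/29 02:02:43.0432 Scan started
2011/01/29 02:02:45.0651 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/01/29 02:03:30.0660 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/01/29 02:03:44.0495 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/29 02:03:44.0501 Scan finished
2011/01/29 02:03:44.0518 Detected object count: 1
2011/01/29 02:03:51.0757 \HardDisk0 - will be cured after reboot
2011/01/29 02:03:51.0758 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/29 02:04:16.0053 Deinitialize success
"""

# Assumption: patterns inferred from the lines in that log only; other versions may differ.
LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}(?: (.*))?$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Report:
    drivers: list = field(default_factory=list)       # (service, md5, path) tuples
    detections: dict = field(default_factory=dict)    # object -> threat name
    actions: dict = field(default_factory=dict)       # object -> action selected
    pending_reboot: set = field(default_factory=set)  # objects cured only after reboot
    declared_count: Optional[int] = None              # "Detected object count" line
    unparsed: int = 0                                 # lines without a timestamp prefix


def parse_log(text):
    """Parse the log text into a Report; unknown timestamped messages are ignored."""
    rep = Report()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        line = LINE.match(raw)
        if line is None:
            rep.unparsed += 1  # e.g. a line wrapped or truncated when pasted
            continue
        msg = (line.group(1) or "").strip()
        m = DETECTED.match(msg)
        if m:
            rep.detections[m.group(1)] = m.group(2)
            continue
        m = PENDING.match(msg)
        if m:
            rep.pending_reboot.add(m.group(1))
            continue
        m = ACTION.match(msg)
        if m:
            rep.actions[m.group(2)] = m.group(3)
            continue
        m = COUNT.match(msg)
        if m:
            rep.declared_count = int(m.group(1))
            continue
        m = DRIVER.match(msg)
        if m:
            rep.drivers.append(m.groups())
    return rep


def status(rep):
    """Map each detected object to no_action, skipped, pending_reboot or applied."""
    out = {}
    for obj in rep.detections:
        action = rep.actions.get(obj)
        if action is None:
            out[obj] = "no_action"
        elif action == "Skip":
            out[obj] = "skipped"
        elif obj in rep.pending_reboot:
            out[obj] = "pending_reboot"
        else:
            out[obj] = "applied"
    return out


def findings(rep):
    """Return the items a helper should follow up on before calling the machine clean."""
    notes = []
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        notes.append("count mismatch: log declares %d, parsed %d"
                     % (rep.declared_count, len(rep.detections)))
    for obj, state in status(rep).items():
        if state != "applied":
            notes.append("%s (%s): %s" % (obj, rep.detections[obj], state))
    return notes


if __name__ == "__main__":
    for note in findings(parse_log(SAMPLE_LOG)):
        print(note)
```

A `pending_reboot` result means the log alone does not confirm removal; a fresh scan after the reboot is what shows whether the object is gone.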
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Please proceed as follows :-

    Step 1

    Download TFC to your desktop from either of the following links:
    Link 1
    Link 2
    • Make sure any open work is saved. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click "Yes" to reboot.
    TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double-click on the icon to run it. Vista and Windows 7 users right-click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    What I'd like in your reply:

    • Log from Malwarebytes Quick scan
    • OTL Txt
    • Extras Txt
    • System review, improvements? issues?

    Kevin
     
  7. cordelia0704

    cordelia0704 Thread Starter

    Joined:
    Jan 28, 2011
    Messages:
    17
    I tried putting all this in one post and it didn't get posted, so this may take 2 or so to get everything up here. So far I haven't heard any more audio ads or been able to produce a redirect or a pop-up, but the computer is running incredibly slow; not sure if there's something still running in the background or if I just need another reboot.

    otl.txt:

    OTL logfile created on: 1/29/2011 2:38:37 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Cordelia\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.52 Gb Total Space | 29.37 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 25.70 Gb Free Space | 36.97% Space Free | Partition Type: NTFS

    Computer Name: CORDELIASPC | User Name: Cordelia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/29 02:37:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\OTL.exe
    PRC - [2011/01/29 02:25:56 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Cordelia\AppData\Local\Temp\RtkBtMnt.exe
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/12/10 08:36:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/10 08:36:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
    PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
    PRC - [2010/09/29 05:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
    PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/04/28 02:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/29 02:37:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2010/08/05 20:47:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/12/17 17:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2009/08/09 16:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/08/05 09:25:28 | 000,015,896 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\inidvd.sys -- (INIDVD)
    DRV - [2008/07/28 02:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/07/10 21:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/04/28 03:26:42 | 002,127,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/04/20 22:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/03/28 07:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2008/02/29 02:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/30 04:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/17 22:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=iglk"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/11 15:09:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/27 18:38:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 20:53:36 | 000,000,000 | ---D | M]

    [2010/08/25 17:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Extensions
    [2010/08/25 17:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/29 00:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Firefox\Profiles\ictbtojd.default\extensions
    [2010/12/13 09:26:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Firefox\Profiles\ictbtojd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/16 09:01:27 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Firefox\Profiles\ictbtojd.default\extensions\[email protected]
    [2010/11/11 02:05:30 | 000,000,903 | ---- | M] () -- C:\Users\Cordelia\AppData\Roaming\Mozilla\Firefox\Profiles\ictbtojd.default\searchplugins\conduit.xml
    [2011/01/29 00:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/04 16:37:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/06 09:55:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/10 22:35:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/16 10:06:58 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 14729 more lines...
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{21ae53fc-bc59-11df-8f59-00238b6c92ba}\Shell\AutoRun\command - "" = I:\Autorun.exe /run
    O33 - MountPoints2\{21ae53fc-bc59-11df-8f59-00238b6c92ba}\Shell\Shell00\Command - "" = I:\Autorun.exe /run
    O33 - MountPoints2\{21ae53fc-bc59-11df-8f59-00238b6c92ba}\Shell\Shell01\Command - "" = I:\Autorun.exe /action
    O33 - MountPoints2\{21ae53fc-bc59-11df-8f59-00238b6c92ba}\Shell\Shell02\Command - "" = I:\Autorun.exe /uninstall
    O33 - MountPoints2\{a5656ab6-b9eb-11df-a39e-00238b6c92ba}\Shell - "" = AutoRun
    O33 - MountPoints2\{a5656ab6-b9eb-11df-a39e-00238b6c92ba}\Shell\AutoRun\command - "" = H:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/29 02:37:23 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\OTL.exe
    [2011/01/29 02:22:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\TFC.exe
    [2011/01/29 01:57:46 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2011/01/29 00:43:21 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2011/01/28 23:48:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cordelia\Desktop\HijackThis.exe
    [2011/01/28 23:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/01/28 23:00:39 | 000,000,000 | ---D | C] -- C:\Users\Cordelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/01/28 22:39:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/28 22:39:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/28 22:39:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/28 22:39:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/28 22:39:33 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/01/28 22:39:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/28 22:38:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/28 22:27:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/01/28 14:30:31 | 000,000,000 | ---D | C] -- C:\Users\Cordelia\AppData\Roaming\Malwarebytes
    [2011/01/28 14:30:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/28 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/28 14:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/28 14:30:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/28 14:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/23 18:08:31 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
    [2011/01/21 01:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\.cookn
    [2011/01/21 01:40:23 | 000,000,000 | ---D | C] -- C:\Users\Cordelia\Documents\Cook'n9
    [2011/01/21 01:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Cook'n9
    [2011/01/18 08:47:44 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
    [2011/01/18 08:47:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    [2010/08/03 23:51:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Cordelia\AppData\Roaming\pcouffin.sys
    [2008/11/25 08:45:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/01/29 02:37:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\OTL.exe
    [2011/01/29 02:26:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/29 02:25:39 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/29 02:25:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/29 02:25:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/29 02:25:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/29 02:25:22 | 2072,899,584 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/29 02:22:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Cordelia\Desktop\TFC.exe
    [2011/01/29 02:00:47 | 000,000,942 | ---- | M] () -- C:\Users\Cordelia\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/01/29 01:55:20 | 001,125,260 | ---- | M] () -- C:\Users\Cordelia\Documents\CORDELIA_MFile.mud
    [2011/01/29 01:55:15 | 001,125,260 | ---- | M] () -- C:\Users\Cordelia\Documents\CORDELIA_MFile_bak.mud
    [2011/01/29 01:51:27 | 001,237,433 | ---- | M] () -- C:\Users\Cordelia\Desktop\tdsskiller.zip
    [2011/01/29 00:44:20 | 374,796,120 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/28 23:48:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cordelia\Desktop\HijackThis.exe
    [2011/01/28 23:13:12 | 000,296,448 | ---- | M] () -- C:\Users\Cordelia\Desktop\ij57hl1o.exe
    [2011/01/28 23:05:44 | 000,624,128 | ---- | M] () -- C:\Users\Cordelia\Desktop\dds.scr
    [2011/01/28 23:00:39 | 000,001,954 | ---- | M] () -- C:\Users\Cordelia\Desktop\HiJackThis.lnk
    [2011/01/28 22:14:22 | 000,000,036 | ---- | M] () -- C:\Users\Cordelia\AppData\Local\housecall.guid.cache
    [2011/01/28 14:30:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/25 17:47:42 | 000,638,996 | ---- | M] () -- C:\Users\Cordelia\Desktop\oneforthemoney.pdf
    [2011/01/25 17:19:15 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/25 17:19:15 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/24 16:12:36 | 000,019,627 | ---- | M] () -- C:\Users\Cordelia\Desktop\156302_167504923288235_100000861851325_300223_1356306_n.jpg
    [2011/01/24 16:03:57 | 000,764,056 | ---- | M] () -- C:\Users\Cordelia\Desktop\Torn.pdf
    [2011/01/24 16:02:58 | 000,589,927 | ---- | M] () -- C:\Users\Cordelia\Desktop\ascend.pdf
    [2011/01/21 02:29:57 | 005,424,212 | ---- | M] () -- C:\Users\Cordelia\Desktop\ce-brochure.pdf
    [2011/01/21 02:09:54 | 000,000,090 | ---- | M] () -- C:\Windows\Cook'n99.ini
    [2011/01/21 01:41:59 | 000,000,431 | ---- | M] () -- C:\Windows\COOK'N5.INI
    [2011/01/21 01:40:30 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\Cook'n Recipe Browser.lnk
    [2011/01/18 08:38:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/16 17:05:18 | 000,014,706 | ---- | M] () -- C:\Users\Cordelia\Desktop\original mobs.xlsx
    [2011/01/16 16:57:50 | 000,039,017 | ---- | M] () -- C:\Users\Cordelia\Desktop\mob Resistances.xlsx
    [2011/01/15 17:33:23 | 000,065,235 | ---- | M] () -- C:\Users\Cordelia\Desktop\Photo-0132.jpg
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/11 22:40:21 | 000,304,968 | ---- | M] () -- C:\Users\Cordelia\Desktop\fringe3.jpg
    [2011/01/11 22:40:13 | 000,393,328 | ---- | M] () -- C:\Users\Cordelia\Desktop\fringe2.jpg
    [2011/01/11 22:40:06 | 000,321,020 | ---- | M] () -- C:\Users\Cordelia\Desktop\fringe1.jpg
    [2011/01/10 12:01:09 | 000,061,796 | ---- | M] () -- C:\Users\Cordelia\Desktop\702745.jpg
    [2011/01/09 21:49:15 | 000,094,746 | ---- | M] () -- C:\Users\Cordelia\Desktop\Laura2.jpg
    [2011/01/08 19:19:21 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2011/01/08 15:16:02 | 000,280,342 | ---- | M] () -- C:\Users\Cordelia\Desktop\Photo-0036.jpg
    [2011/01/04 19:58:16 | 000,073,851 | ---- | M] () -- C:\Users\Cordelia\Desktop\awakened.jpg
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    ========== Files Created - No Company Name ==========

    [2011/01/29 01:51:36 | 001,237,433 | ---- | C] () -- C:\Users\Cordelia\Desktop\tdsskiller.zip
    [2011/01/29 00:44:20 | 374,796,120 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/28 23:13:12 | 000,296,448 | ---- | C] () -- C:\Users\Cordelia\Desktop\ij57hl1o.exe
    [2011/01/28 23:05:33 | 000,624,128 | ---- | C] () -- C:\Users\Cordelia\Desktop\dds.scr
    [2011/01/28 23:00:39 | 000,001,954 | ---- | C] () -- C:\Users\Cordelia\Desktop\HiJackThis.lnk
    [2011/01/28 22:40:37 | 2072,899,584 | -HS- | C] () -- C:\hiberfil.sys
    [2011/01/28 22:39:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/28 22:39:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/28 22:39:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/28 22:39:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/28 22:39:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/28 22:14:22 | 000,000,036 | ---- | C] () -- C:\Users\Cordelia\AppData\Local\housecall.guid.cache
    [2011/01/28 14:30:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/25 17:42:55 | 000,638,996 | ---- | C] () -- C:\Users\Cordelia\Desktop\oneforthemoney.pdf
    [2011/01/24 16:12:34 | 000,019,627 | ---- | C] () -- C:\Users\Cordelia\Desktop\156302_167504923288235_100000861851325_300223_1356306_n.jpg
    [2011/01/24 15:42:09 | 000,589,927 | ---- | C] () -- C:\Users\Cordelia\Desktop\ascend.pdf
    [2011/01/24 15:35:46 | 000,764,056 | ---- | C] () -- C:\Users\Cordelia\Desktop\Torn.pdf
    [2011/01/21 02:29:55 | 005,424,212 | ---- | C] () -- C:\Users\Cordelia\Desktop\ce-brochure.pdf
    [2011/01/21 01:40:30 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\Cook'n Recipe Browser.lnk
    [2011/01/15 17:33:18 | 000,065,235 | ---- | C] () -- C:\Users\Cordelia\Desktop\Photo-0132.jpg
    [2011/01/11 22:40:20 | 000,304,968 | ---- | C] () -- C:\Users\Cordelia\Desktop\fringe3.jpg
    [2011/01/11 22:40:12 | 000,393,328 | ---- | C] () -- C:\Users\Cordelia\Desktop\fringe2.jpg
    [2011/01/11 22:40:03 | 000,321,020 | ---- | C] () -- C:\Users\Cordelia\Desktop\fringe1.jpg
    [2011/01/11 11:46:54 | 000,014,706 | ---- | C] () -- C:\Users\Cordelia\Desktop\original mobs.xlsx
    [2011/01/10 12:01:08 | 000,061,796 | ---- | C] () -- C:\Users\Cordelia\Desktop\702745.jpg
    [2011/01/09 21:49:10 | 000,094,746 | ---- | C] () -- C:\Users\Cordelia\Desktop\Laura2.jpg
    [2011/01/09 15:45:29 | 000,039,017 | ---- | C] () -- C:\Users\Cordelia\Desktop\mob Resistances.xlsx
    [2011/01/08 15:16:00 | 000,280,342 | ---- | C] () -- C:\Users\Cordelia\Desktop\Photo-0036.jpg
    [2011/01/04 19:58:12 | 000,073,851 | ---- | C] () -- C:\Users\Cordelia\Desktop\awakened.jpg
    [2010/12/30 00:45:03 | 000,000,000 | ---- | C] () -- C:\Windows\cedt.INI
    [2010/12/25 00:42:56 | 000,000,431 | ---- | C] () -- C:\Windows\COOK'N5.INI
    [2010/12/25 00:40:38 | 000,000,090 | ---- | C] () -- C:\Windows\Cook'n99.ini
    [2010/12/23 23:51:54 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
    [2010/12/23 23:51:47 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2010/10/12 09:44:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2010/09/22 12:48:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/09/17 13:22:02 | 000,000,385 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\Rim.Desktop.Exception.log
    [2010/09/17 13:03:33 | 000,001,602 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/09/11 15:02:46 | 000,001,784 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/09/09 18:35:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/09/09 16:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2010/08/04 20:27:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/08/03 23:53:24 | 000,000,671 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\vso_ts_preview.xml
    [2010/08/03 23:53:08 | 000,000,034 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\pcouffin.log
    [2010/08/03 23:51:03 | 000,087,608 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\inst.exe
    [2010/08/03 23:51:03 | 000,007,887 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\pcouffin.cat
    [2010/08/03 23:51:03 | 000,001,144 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\pcouffin.inf
    [2010/08/03 20:18:11 | 000,005,632 | ---- | C] () -- C:\Users\Cordelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/03 19:39:53 | 000,000,000 | ---- | C] () -- C:\Users\Cordelia\AppData\Roaming\wklnhst.dat
    [2010/08/03 19:08:15 | 000,146,735 | ---- | C] () -- C:\Users\Cordelia\AppData\Local\edsinstaller.txt-20100803.log
    [2010/08/03 14:48:35 | 000,000,680 | ---- | C] () -- C:\Users\Cordelia\AppData\Local\d3d9caps.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/11/25 10:52:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008/11/25 10:52:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008/11/25 10:30:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2008/11/25 10:03:09 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2008/11/25 08:43:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/11/25 08:43:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
    [2007/11/29 17:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2010/08/03 12:59:54 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Acer
    [2010/11/06 14:10:39 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Amazon
    [2010/10/12 09:35:47 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Amber ePub
    [2010/08/03 23:36:26 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Apowersoft
    [2011/01/28 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Azureus
    [2010/10/13 00:56:06 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Barnes & Noble
    [2010/09/17 14:41:17 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Blackberry Desktop
    [2010/12/24 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\FreeBurner
    [2010/08/03 12:59:53 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Leadertech
    [2010/10/12 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\myebook
    [2010/09/17 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Research In Motion
    [2010/12/14 15:01:44 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\TechWizard
    [2010/08/03 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Template
    [2010/08/25 17:04:49 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Thunderbird
    [2010/08/10 11:58:12 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\Vso
    [2010/12/17 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\Cordelia\AppData\Roaming\webex
    [2011/01/29 02:24:39 | 000,028,486 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/11/25 08:45:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/29 02:25:22 | 2072,899,584 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/29 02:25:20 | 2386,690,048 | -HS- | M] () -- C:\pagefile.sys
    [2008/11/25 10:03:57 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2011/01/29 02:04:16 | 000,060,410 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_29.01.2011_02.01.59_log.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-18 13:52:00

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:359B3BDA
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C7DEC6B7

    < End of report >
     
  8. cordelia0704

    cordelia0704 Thread Starter

    Malwarebytes log (I had already run this before posting; it keeps coming up clean, but here's a new scan)

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5631

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/29/2011 2:52:21 AM
    mbam-log-2011-01-29 (02-52-21).txt

    Scan type: Quick scan
    Objects scanned: 152246
    Time elapsed: 2 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    extras.txt

    OTL Extras logfile created on: 1/29/2011 2:38:37 AM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Cordelia\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.52 Gb Total Space | 29.37 Gb Free Space | 42.25% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 25.70 Gb Free Space | 36.97% Space Free | Partition Type: NTFS

    Computer Name: CORDELIASPC | User Name: Cordelia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- Reg Error: Value error.
    https [open] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{094901EE-4E9D-45EF-AC76-A46827EAE77C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{345D6FF4-CF3F-4058-8D58-405701C237FF}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
    "{48F14920-6685-4306-A67E-EDEC10A0DEDD}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
    "{4C6BCDE1-6E93-4019-B9EE-B0D380BD82EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{8394B2F4-7B0E-463D-A753-30091338FB4D}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
    "{AF3FF3BF-028B-477E-8C07-473829563237}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{BAACEE39-005F-4948-8909-DD89302033CC}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CFF5A02A-5348-47E8-AA45-6D4858F89288}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
    "{F1A1B2ED-655D-4193-871D-CC9EA9E75428}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DF56807-D418-42BA-976A-9F25A8DC86BB}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
    "{15B88118-4F80-4354-ABF2-F8219C808918}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2EDBC013-EE09-41EB-BBBA-42F32FD2EC78}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{3488376A-A63E-4414-BE5C-C03AD93D78C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{37EAADF5-5F49-49AC-A76C-643929E0A47E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3964905B-4BEF-46B1-B0D8-87A32734DEC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{3A7A55C8-2BAE-47D0-899A-40FD50688E8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{3AA3AC3A-9E40-4F33-A07F-4D7069178381}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{3F834D44-C506-44D6-B0CE-7D92CA122443}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{41BF45FD-2280-4D33-84C1-9EF1A7765FFF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{46E6B06A-4FC4-4E25-9D63-18C562BE0B10}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{4BF1FAD5-D1F4-4309-A115-4D154BBB1C08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5A4356A5-D116-4469-B849-2DB800D6577F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{5AE31239-0B53-4CFC-A13A-9195CAFEB2EF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{5DC1665F-3DED-4367-BAA6-C443C6A22DFF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{64C3A9E6-2C84-4D78-AD17-94D4D0578C5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{684495B9-617B-42D8-9D77-D55355878B8A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{71A0FF44-1148-4E1E-90CB-DF3F61E9CB42}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{7647D994-D241-41B5-94D2-A5517C163C6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{76B463E2-F1B5-4C4A-91EB-390B396C45A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7FAC0195-418F-48FC-9812-B58C424ECDB4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{849FA308-235A-4FE5-B7C3-1FC6F2F450E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{8D85D205-AEB7-4210-AA33-990109AC4C42}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{91648781-EA9E-4966-BD83-FA26ADFDCC02}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{927819EF-B5D5-4687-A128-65AD3B393219}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{A2C85C3D-F661-454B-88CB-4BD8C857CF63}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
    "{A56CEE02-FE17-4873-8EB5-B405AFE5B084}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{AAF93438-FC77-4F02-8813-5D364A019B1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{C1A2DD4C-939A-48B0-93E8-3135DE50F89E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CB58AB3F-4A0E-41FC-BD6A-52DF54547855}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{D956F52B-FDA2-492D-8712-1CF0E29C8128}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{E776AF35-9439-4D8D-99CA-FAFD6F7E721A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{EA62FB99-E246-4A79-8F5F-39C703CF51C0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{F611C30D-FA71-41EA-9DA3-D3C7D79E0FE4}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{FB21FB48-35AB-4A8B-BEFD-F9C41719973D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{FE3C5E53-E2A0-47A0-914A-ADF8B4494B03}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "TCP Query User{0EC62DB6-6041-4086-8CF7-3CF6FDC335B2}C:\program files\cook'n9\cook'n.exe" = protocol=6 | dir=in | app=c:\program files\cook'n9\cook'n.exe |
    "TCP Query User{17A2119B-7BF7-4B63-AB26-A1E1A927F7F9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{7B2BF171-A862-4FCE-AA42-4CD78426F32C}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{BAD78DC6-6E5E-4764-8F04-6E3FED355470}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{C00FED6C-5487-49C5-953F-0433AFE457CF}D:0\techwizard.exe" = protocol=6 | dir=in | app=d:0\techwizard.exe |
    "TCP Query User{DD14FF19-4997-48A5-AB0B-5B708B3E9E54}D:1\techwizard.exe" = protocol=6 | dir=in | app=d:1\techwizard.exe |
    "UDP Query User{11F25031-5439-464B-8CF2-D81E38AAC307}C:\program files\cook'n9\cook'n.exe" = protocol=17 | dir=in | app=c:\program files\cook'n9\cook'n.exe |
    "UDP Query User{58DDAD35-5FCE-4DA1-9E95-D7CDAC32E20D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{70DB24BF-5FA3-40BE-B45A-4C8F8E6DB903}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{857EDF8E-AA45-44BA-8630-0478ACE3286A}D:0\techwizard.exe" = protocol=17 | dir=in | app=d:0\techwizard.exe |
    "UDP Query User{DAE55418-FF83-4B82-904B-006F49170567}D:1\techwizard.exe" = protocol=17 | dir=in | app=d:1\techwizard.exe |
    "UDP Query User{E8329F04-76C6-46E7-914B-4E39BC42F566}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
    "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
    "{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
    "{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "A24B23EB-0632-4D92-B087-011CAE348023" = Sigil
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "avast5" = avast! Free Antivirus
    "Bejeweled 31.0" = Bejeweled 3
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "BN_DesktopReader" = NOOK for PC
    "CCleaner" = CCleaner
    "CMUD" = CMUD 2.37
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "Cook'n Recipe Browser" = Cook'n Recipe Browser
    "Cook'n with Betty Crocker" = Cook'n with Betty Crocker
    "Crimson Editor SVN286" = Crimson Editor SVN286
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free Easy Burner_is1" = Free Easy Burner V 4.1
    "Games by Petersonic 1.00" = Games by Petersonic 1.00
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "LG USB Booster_is1" = Booster 1.05A02
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Recuva" = Recuva
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "The Rosetta Stone" = The Rosetta Stone
    "Verizon Help and Support" = Verizon Help and Support Tool
    "VirtualCloneDrive" = VirtualCloneDrive
    "VISPRO" = Microsoft Office Visio Professional 2007
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR" = WinRAR
    "zMUD" = zMUD 7.21.0.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4E002314-9999-4402-9823-1CB9E6098849}_is1" = Shopping InContext

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/30/2010 8:39:58 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1008
    Description =

    Error - 12/31/2010 8:44:37 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1010
    Description =

    Error - 12/31/2010 8:44:37 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1008
    Description =

    Error - 1/1/2011 2:34:30 AM | Computer Name = Cordeliaspc | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2011 8:48:40 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1010
    Description =

    Error - 1/1/2011 8:48:40 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1008
    Description =

    Error - 1/2/2011 8:52:38 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1010
    Description =

    Error - 1/2/2011 8:52:38 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1008
    Description =

    Error - 1/3/2011 8:56:38 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1010
    Description =

    Error - 1/3/2011 8:56:38 PM | Computer Name = Cordeliaspc | Source = Perflib | ID = 1008
    Description =

    [ OSession Events ]
    Error - 1/13/2011 6:48:54 PM | Computer Name = Cordeliaspc | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.


    < End of report >
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    continue as follows please :-

    Step 1

    OTL Fix

    Re-Run [IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
      O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
      O33 - MountPoints2\{a5656ab6-b9eb-11df-a39e-00238b6c92ba}\Shell\AutoRun\command - "" = H:\setup.exe
      :Services
      :Reg
      :Files
      ipconfig /flushdns /c
      :Commands
      [purity]
       [emptytemp]
      [EMPTYFLASH]
      [CREATERESTOREPOINT]
       
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Step 2

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :Dir
      C:\Windows\System32\%APPDATA% /sub
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Post the two logs please. Any improvement?

    Kevin
     
  10. cordelia0704

    SystemLook 04.09.10 by jpshortstuff
    Log created at 04:00 on 29/01/2011 by Cordelia
    Administrator - Elevation successful

    ========== Dir ==========

    C:\Windows\System32\C:\Users\Cordelia\AppData\Roaming - Unable to find folder.

    -= EOF =-

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Starting removal of ActiveX control {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5656ab6-b9eb-11df-a39e-00238b6c92ba}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5656ab6-b9eb-11df-a39e-00238b6c92ba}\ not found.
    File H:\setup.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Cordelia\Desktop\cmd.bat deleted successfully.
    C:\Users\Cordelia\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Cordelia
    ->Temp folder emptied: 237428 bytes
    ->Temporary Internet Files folder emptied: 1475479 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41941775 bytes
    ->Flash cache emptied: 566 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 846 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Cordelia
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.6 log created on 01292011_035602

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    I want to say the problem is gone. The audio is gone, I haven't been redirected anywhere and there are no more pop ups. Also this page loaded in less than 3 minutes so I'd say that's a good sign :p

    Thank you so much
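
The fix log above removes Internet Explorer load-point entries (BHOs, toolbars, a URL search hook) whose CLSID is no longer registered. The read-only audit below lists such orphaned entries; it is an added example, not part of the original posts or of OTL. The registry paths are taken from the log, while the function name, status labels and the extra HKCU class root are assumptions of this example.

```powershell
# Added example: read-only audit of the IE load points cleaned in the fix log.
# Nothing is modified. Registry paths come from that log; the function name,
# the status labels and the HKCU class root are choices made for this example.
function Get-IeLoadPointAudit {
    $guid = '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$'

    # Where a CLSID may be registered. The log only queried the HKLM root; the
    # per-user root is checked too so per-user COM objects are not misreported.
    $classRoots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\Software\Classes\CLSID'

    # 'Subkey' load points name the CLSID as a subkey, 'Value' ones as a value name.
    $loadPoints = @(
        @{ Kind = 'Subkey'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' }
        @{ Kind = 'Value';  Path = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' }
        @{ Kind = 'Value';  Path = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar' }
        @{ Kind = 'Value';  Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser' }
        @{ Kind = 'Value';  Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' }
    )

    foreach ($lp in $loadPoints) {
        if (-not (Test-Path -LiteralPath $lp.Path)) { continue }

        $key = Get-Item -LiteralPath $lp.Path
        $names = if ($lp.Kind -eq 'Subkey') { $key.GetSubKeyNames() } else { $key.GetValueNames() }

        foreach ($clsid in ($names | Where-Object { $_ -match $guid })) {
            $registered = $false
            $server = $null

            foreach ($root in $classRoots) {
                $clsidKey = "$root\$clsid"
                if (Test-Path -LiteralPath $clsidKey) {
                    $registered = $true
                    $inproc = "$clsidKey\InprocServer32"
                    if (Test-Path -LiteralPath $inproc) {
                        # GetValue('') reads the key's default value (the DLL path).
                        $server = (Get-Item -LiteralPath $inproc).GetValue('')
                    }
                    break
                }
            }

            # 'NoClsidKey' corresponds to OTL's "No CLSID value found".
            $status = if (-not $registered) { 'NoClsidKey' }
                elseif (-not $server) { 'NoInprocServer' }
                elseif (-not (Test-Path -LiteralPath $server)) { 'ServerFileMissing' }
                else { 'Ok' }

            [pscustomobject]@{
                LoadPoint = $lp.Path
                Clsid     = $clsid
                Status    = $status
                Server    = $server
            }
        }
    }
}

# Show only the entries that need a closer look.
# On 64-bit Windows, 32-bit add-ons register under Wow6432Node, which this
# example does not visit; the machine in the thread is x86.
Get-IeLoadPointAudit | Where-Object { $_.Status -ne 'Ok' } | Format-Table -AutoSize
```

An entry reported as `NoClsidKey` or `ServerFileMissing` is a leftover from an uninstalled or removed add-on; an `Ok` entry still needs its `Server` path reviewed before it is trusted.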
     
  11. kevinf80

    I'm a bit concerned about this folder, C:\Windows\System32\%APPDATA%. Do you still have ComboFix on your desktop? CF may be the best tool to look at it. Have you had anything related to Whitesmoke on your system?
     
  12. kevinf80

    Hiya cordelia0704

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    Killall::
    Dirlook::
    C:\Windows\System32\%APPDATA%
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    Kevin
     
  13. cordelia0704

    Hi Kevin, sorry, it was almost 5am for me and I had to get some sleep, and I've woken up late for an appointment, so I'll do this as soon as I get home. I have no idea what Whitesmoke is; should that make sense to me?
    Also, ComboFix crashed my system a number of times yesterday; will it work now? Here's the information Microsoft was able to give me after my system rebooted about what caused it.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 1033

    Additional information about the problem:
    BCCode: 8086
    BCP1: 00000000
    BCP2: 00000000
    BCP3: 00000000
    BCP4: 00000000
    OS Version: 6_0_6002
    Service Pack: 2_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini012911-01.dmp
    C:\Users\Cordelia\AppData\Local\Temp\WER-62728-0.sysdata.xml
    C:\Users\Cordelia\AppData\Local\Temp\WER4B70.tmp.version.txt
     
  14. cordelia0704

    OK, crazy day finally over. It was nice to see ComboFix not crash my computer for a change.

    ComboFix 11-01-29.02 - Cordelia 01/30/2011 1:48.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1976.972 [GMT -5:00]
    Running from: c:\users\Cordelia\Desktop\ComboFix.exe
    Command switches used :: c:\users\Cordelia\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Cordelia\AppData\Roaming\inst.exe
    c:\users\Cordelia\GoToAssistDownloadHelper.exe
    c:\windows\desktop
    c:\windows\desktop\Cook'n with Betty Crocker.lnk

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-30 )))))))))))))))))))))))))))))))
    .

    2011-01-30 06:54 . 2011-01-30 06:55 -------- d-----w- c:\users\Cordelia\AppData\Local\temp
    2011-01-30 06:54 . 2011-01-30 06:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-01-30 06:54 . 2011-01-30 06:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-29 08:56 . 2011-01-29 08:56 -------- d-----w- C:\_OTL
    2011-01-29 06:58 . 2011-01-29 06:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\SupportSoft
    2011-01-29 06:57 . 2011-01-29 06:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-01-29 04:00 . 2011-01-29 04:00 388096 ----a-r- c:\users\Cordelia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-01-29 04:00 . 2011-01-29 04:00 -------- d-----w- c:\program files\Trend Micro
    2011-01-28 19:30 . 2011-01-28 19:30 -------- d-----w- c:\users\Cordelia\AppData\Roaming\Malwarebytes
    2011-01-28 19:30 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-28 19:30 . 2011-01-28 19:30 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-28 19:30 . 2011-01-28 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-28 19:30 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-28 06:38 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D37978B-6743-4DDE-B862-5D6F5523CCFF}\mpengine.dll
    2011-01-23 23:08 . 1998-10-29 19:45 306688 ----a-w- c:\windows\IsUninst.exe
    2011-01-21 06:44 . 2011-01-21 07:09 -------- d-----w- c:\programdata\.cookn
    2011-01-21 06:38 . 2011-01-22 05:18 -------- d-----w- c:\program files\Cook'n9
    2011-01-18 13:47 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-18 13:47 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-18 13:47 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-18 13:47 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-18 13:47 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-18 13:47 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-18 13:47 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-08-04 00:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2010-08-04 00:24 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-08-04 00:24 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-08-04 00:24 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-08-04 00:24 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-08-04 00:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-31 20:06 . 2010-08-04 00:24 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-25 06:06 . 2010-12-25 06:06 0 ----a-w- c:\windows\BETTY.REG
    2010-11-04 18:56 . 2010-12-15 17:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-15 17:07 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-15 17:07 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-15 17:07 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-15 17:07 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-15 17:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-15 17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-15 17:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-15 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:57 . 2010-12-15 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:01 . 2010-12-15 17:08 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-15 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-15 17:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\windows\System32\%APPDATA% ----

    2011-01-29 06:57 . 2011-01-29 06:57 16384 --sha-w- c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
    "VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2010-09-29 206120]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2009-11-18 20:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-06-05 17:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
    2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
    R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\DRIVERS\inidvd.sys [2009-08-05 15896]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2010-09-29 206120]
    S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2010-09-29 185640]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:21]

    2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 22:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0810&m=aspire_7730z
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
    DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
    FF - ProfilePath - c:\users\Cordelia\AppData\Roaming\Mozilla\Firefox\Profiles\ictbtojd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-30 01:57
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-30 02:01:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-30 07:01

    Pre-Run: 30,129,881,088 bytes free
    Post-Run: 29,963,984,896 bytes free

    - - End Of File - - CCE9BE8F248D9BA272CCE2EEFE86FC97
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    How is your system responding, any issues?
     

Short URL to this thread: https://techguy.org/977627
