
MBR\\:\physicaldrive0 avast detected issue


14 replies to this topic

#1 tveye79

Posted 20 January 2011 - 10:38 PM

Hello bleepingcomputer.com users,

The site is very informative. I am hoping you can help me with my issue. I started to have problems with Mozilla Firefox redirecting me when I clicked on search results through Yahoo (I could go to the sites if I typed the address in the address bar). I ended up at some suspected attack pages and closed the browser. Since then the computer has been freezing and taking an extremely long time to start. I use Avast antivirus and Spybot Search & Destroy; I had trouble updating both of these programs, but was able to use Safe Mode up until yesterday. Now I cannot get the computer started, so I removed the hard drive, hooked it up to an external USB connection and scanned it with my other computer. I am hoping I can get some files off the drive before reinstalling Windows (or if I can avoid a reinstall, that would be great).
I am running Windows XP. The drive that the problem is occurring on is labelled G in the reports.

Here is the DDS report:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonny at 19:24:38.90 on Thu 01/20/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.57 [GMT -6:00]

AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Kung Fu\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.yahoo.com/?p=us
uSearch Page = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
mSearchAssistant = hxxp://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim95\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://www.streamaudio.com/download/ccpm_0237.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-15 165584]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2009-11-16 11920]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\savrtpel.sys [2006-11-6 37000]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2003-11-21 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2003-11-21 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2003-11-21 235168]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-15 40384]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-11-21 87712]
S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2003-11-21 158848]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050105.009\NAVENG.Sys [2005-1-12 72712]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050105.009\NavEx15.Sys [2005-1-12 629544]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2009-11-16 266432]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2006-11-6 305288]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2003-11-21 194272]

=============== Created Last 30 ================


==================== Find3M ====================

2011-01-08 14:26:14 24040 ----a-w- c:\windows\TMPG001.TMP

============= FINISH: 19:25:14.54 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/28/2004 6:43:28 PM
System Uptime: 1/20/2011 7:08:57 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2394/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 56.876 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 149 GiB total, 41.931 GiB free.
G: is FIXED (NTFS) - 37 GiB total, 13.397 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1221: 10/4/2010 10:33:54 PM - System Checkpoint
RP1222: 10/5/2010 11:33:53 PM - System Checkpoint
RP1223: 10/7/2010 12:33:54 AM - System Checkpoint
RP1224: 10/8/2010 1:33:54 AM - System Checkpoint
RP1225: 10/9/2010 2:33:54 AM - System Checkpoint
RP1226: 10/10/2010 3:33:54 AM - System Checkpoint
RP1227: 10/11/2010 4:33:53 AM - System Checkpoint
RP1228: 10/12/2010 5:33:53 AM - System Checkpoint
RP1229: 10/13/2010 6:33:54 AM - System Checkpoint
RP1230: 10/14/2010 7:33:56 AM - System Checkpoint
RP1231: 10/15/2010 8:33:53 AM - System Checkpoint
RP1232: 10/16/2010 9:33:55 AM - System Checkpoint
RP1233: 10/17/2010 10:33:54 AM - System Checkpoint
RP1234: 10/18/2010 11:33:55 AM - System Checkpoint
RP1235: 10/19/2010 12:33:54 PM - System Checkpoint
RP1236: 10/20/2010 1:33:55 PM - System Checkpoint
RP1237: 10/21/2010 2:33:54 PM - System Checkpoint
RP1238: 10/22/2010 3:33:55 PM - System Checkpoint
RP1239: 10/23/2010 4:33:54 PM - System Checkpoint
RP1240: 10/24/2010 5:33:54 PM - System Checkpoint
RP1241: 10/25/2010 6:33:54 PM - System Checkpoint
RP1242: 10/26/2010 7:33:55 PM - System Checkpoint
RP1243: 10/27/2010 8:33:54 PM - System Checkpoint
RP1244: 10/28/2010 9:33:54 PM - System Checkpoint
RP1245: 10/29/2010 10:33:54 PM - System Checkpoint
RP1246: 10/30/2010 11:33:53 PM - System Checkpoint
RP1247: 11/1/2010 4:54:14 PM - System Checkpoint
RP1248: 11/2/2010 4:58:06 PM - System Checkpoint
RP1249: 11/6/2010 1:27:00 PM - System Checkpoint
RP1250: 11/7/2010 1:14:42 PM - System Checkpoint
RP1251: 11/8/2010 2:14:39 PM - System Checkpoint
RP1252: 11/9/2010 3:14:39 PM - System Checkpoint
RP1253: 12/15/2010 1:35:18 PM - avast! Free Antivirus Setup
RP1254: 12/16/2010 1:45:35 PM - System Checkpoint
RP1255: 12/17/2010 2:19:33 PM - System Checkpoint
RP1256: 12/18/2010 3:10:21 PM - System Checkpoint
RP1257: 12/20/2010 11:55:49 AM - System Checkpoint
RP1258: 12/21/2010 12:05:35 PM - System Checkpoint
RP1259: 12/21/2010 4:19:41 PM - Installed Coby Media Manager
RP1260: 12/22/2010 5:04:28 PM - System Checkpoint
RP1261: 12/24/2010 10:28:22 PM - System Checkpoint
RP1262: 12/25/2010 11:04:42 PM - System Checkpoint
RP1263: 12/27/2010 12:14:40 AM - System Checkpoint
RP1264: 12/28/2010 1:04:42 AM - System Checkpoint
RP1265: 12/29/2010 2:04:42 AM - System Checkpoint
RP1266: 12/30/2010 3:04:42 AM - System Checkpoint
RP1267: 12/31/2010 4:04:09 AM - System Checkpoint
RP1268: 1/1/2011 4:04:44 AM - System Checkpoint
RP1269: 1/2/2011 4:05:47 AM - System Checkpoint
RP1270: 1/20/2011 6:17:46 PM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe ActiveShare 1.3.1
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AiO_Scan_CDA
AiOSoftwareNPI
avast! Free Antivirus
Before You Know It 3.6
Blender (remove only)
BufferChm
CardRd81
CC_ccProxyMSI
CC_ccStart
ccCommon
CCScore
Civilization III
Coby Media Manager
CodeBaby Player (Remove Only) 1.0.2.19
Conexant D850 56K V.9x DFVc Modem
CR2
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
ESSvpaht
ESSvpot
eSupportQFolder
F300
F300_Help
Fax_CDA
Gif2swf
Gravis Xperience 4.5
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Iron Man Image Lab
J2SE Runtime Environment 5.0 Update 8
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2_03
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LimeWire 4.12.11
LiveReg (Symantec Corporation)
Macromedia Flash MX 2004
MarketResearch
Medical Terminology for Health Professions
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Modem Helper
Movies
MSN
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MUSICMATCH® Jukebox
NetWaiting
NewCopy_CDA
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton WMI Update
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
Pivot Stickfigure Animator
Pokémon Masters Arena
Pokémon Team Turbo (remove only)
ProductContextNPI
QuickTime
Readme
Rogers Yahoo! Applications
Roll
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Serif 3DPlus 2.0
SFR
SFR2
SHASTA
SKIN0001
SKINXSDK
SolutionCenter
Sonic DLA
Status
Symantec Network Drivers Update
Symantec Script Blocking Installer
Tales Animator 2.0
Toolbox
TrayApp
Trellix Web
Uninstall Dual Mode Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update Manager (remove only)
USB SMART PAD
Viewpoint Media Player
VPRINTOL
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WIRELESS
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

1/20/2011 6:33:40 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.


==== End Of File ===========================


Here are the results from GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-20 20:56:13
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: gmer.exe; Driver: C:\DOCUME~1\Jonny\LOCALS~1\Temp\pxdoapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xF00CDCF0]
SSDT FFAF0FC0 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xF00CDBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xF00CE160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xF00CE08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xF00CD782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xF00CDC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xF00CD6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xF00CD726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xF00CDDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF00CE22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xF00CDD66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xF00CDEE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF00DABAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xF00DA9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xF00DAB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 805643A3 5 Bytes JMP F00D7FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056461B 7 Bytes JMP F00DA9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 80581E82 7 Bytes JMP F00DABB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A10B2 2 Bytes JMP F00D65D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 3 805A10B5 2 Bytes [B3, 6F] {MOV BL, 0x6f}
PAGE ntoskrnl.exe!ZwLoadDriver 805A407A 7 Bytes JMP F00DAB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\DOCUME~1\Jonny\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[724] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT C:\WINDOWS\system32\services.exe[724] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \FileSystem\Fastfat \Fat BA7E4C8A

AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:976] EEFD21F0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Control@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ AxMetaStream.MetaStreamCtlSecondary.1
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ToolboxBitmap32@ C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll, 101
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID@ AxMetaStream.MetaStreamCtlSecondary

---- Files - GMER 1.0.15 ----

File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\chronotrigger.smc 4194816 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\mario rpg.smc 4194304 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\megamanx.smc 1573376 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\secret of mana.smc 2097664 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\super mario world.smc 524800 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\Zelda link past.smc 1049088 bytes

---- EOF - GMER 1.0.15 ----

I forgot to mention that when I ran scans with Avast, it detected a suspicious file mbr\\:\PHYSICALDRIVE0 which Avast could not move to the chest or delete. I did several boot-time scans with Avast and it ended up detecting more of the same file (mbr\\:\PHYSICALDRIVE0); my wife told me that there were around five of them detected the last time the computer was able to start. When I try to start Windows on that computer it would begin to boot, the Windows XP logo would disappear almost immediately after coming up, and then it would go back to the start-up screen (Safe Mode, Safe Mode with Networking, etc.). I tried booting from a Windows XP CD, but I am not very experienced with running the computer from a CD and could not get it to boot. Any help would be greatly appreciated.

EDIT: Posts merged ~BP

Edited by Budapest, 20 January 2011 - 10:51 PM.
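The mbr\\:\PHYSICALDRIVE0 entry Avast reports is not a file on the G: volume but sector 0 of the physical disk, the Master Boot Record, which is why it cannot be moved to the chest or deleted like an ordinary file. The script below is an added example, not part of the thread and not Avast's or GMER's code: given a 512-byte copy of that sector it validates the boot signature, parses the partition table, fingerprints the bootstrap code and diffs it against a known-good copy (from a backup or an identical clean install). The sample sectors embedded in it are constructed placeholders, not real boot code or malware; the device name in the usage comment (`\\.\PhysicalDrive1` for a USB-attached disk) is an assumption to be checked in Disk Management, and reading a raw disk needs Administrator rights.

```python
"""Inspect a 512-byte Master Boot Record (MBR) sector.

Added example, not code from the thread. Validates the 0x55AA boot
signature, parses the four partition-table entries, fingerprints the
bootstrap code area and diffs it against a known-good sector. The sample
sectors below are constructed for the example (not real boot code).
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code (where a bootkit lives)
PART_TABLE_OFF = 446       # bytes 446..509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # bytes 510..511: boot signature
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, a SHA-256 of the boot code and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:     # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_diff(reference: bytes, sample: bytes) -> list:
    """Offsets inside the bootstrap area where `sample` differs from `reference`."""
    return [i for i in range(BOOT_CODE_LEN) if reference[i] != sample[i]]


def assess(reference: bytes, sample: bytes) -> str:
    """One-line verdict comparing a captured sector with a known-good one."""
    info = parse_mbr(sample)
    if not info["signature_ok"]:
        return "invalid boot signature"
    changed = boot_code_diff(reference, sample)
    if changed:
        return f"boot code modified at {len(changed)} offset(s), first at {changed[0]}"
    if parse_mbr(reference)["partitions"] != info["partitions"]:
        return "partition table changed"
    return "matches reference"


def build_sector(boot_code: bytes, entries: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return body + table + BOOT_SIG


# Constructed samples: a placeholder boot stub with one bootable NTFS (type 0x07)
# partition, and a copy whose first three bytes were overwritten with a JMP.
CLEAN_MBR = build_sector(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c",
                         [(0x80, 0x07, 63, 156296322)])
TAMPERED_MBR = b"\xe9\xa0\x00" + CLEAN_MBR[3:]


if __name__ == "__main__":
    # Usage: python mbr_check.py <reference.bin> <sector.bin>
    # Dump a sector with dd on Linux or, on Windows as Administrator, by opening
    # r"\\.\PhysicalDrive1" (assumed number for a USB-attached disk; verify in
    # Disk Management) in binary mode and reading 512 bytes.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            ref = fh.read(SECTOR_SIZE)
        with open(sys.argv[2], "rb") as fh:
            cur = fh.read(SECTOR_SIZE)
    else:
        ref, cur = CLEAN_MBR, TAMPERED_MBR
    print(parse_mbr(cur))
    print(assess(ref, cur))
```

The verdict distinguishes three things a responder treats differently: a missing 0x55AA signature (the sector is not a usable MBR at all), a changed bootstrap area (the classic bootkit footprint, with the first differing offset to inspect), and a changed partition table with intact boot code (a layout change rather than injected code). A hash alone only tells you the sector changed; the offset list tells you where to start disassembling.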


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:28 PM

Posted 26 January 2011 - 01:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *
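The GMER log requested above lists one line per kernel or user-mode hook it finds; on a machine running avast most of them are attributed to aswSP.SYS and snxhk.dll, and the responder's job is to find the ones that are not. The script below is an added example, not part of the post and not GMER's own code: it parses those lines, counts hooks per attributed vendor and reports unattributed hooks, hooks by vendors not on an assumed trusted list, and modules GMER could not read. The sample lines are taken from the log posted later in this thread plus two constructed lines, marked as such in the code; the trusted-vendor list is an assumption for this machine.

```python
"""Triage a GMER rootkit-scan log: attribute every hook to a vendor and
surface the lines a responder has to look at.

Added example, not code from the thread or from GMER. GMER prints one line
per hook: SSDT/Code lines put the hooking module and its "(description/vendor)"
attribution before the hooked service; inline (.text/PAGE) lines put them
after the JMP target; a line starting with "?" is a module GMER could not
read. Hooks from a vendor on the trusted list are counted, everything else
is reported for review.
"""
import re
import sys
from collections import defaultdict

TRUSTED_VENDORS = {"AVAST Software"}          # assumption: the only security product installed
HOOK_KINDS = {"SSDT", "Code", ".text", "PAGE", "INIT", ".rsrc"}
ATTR_RE = re.compile(r"\(([^/()]*)/([^()]*)\)")                  # "(description/vendor)"
TARGET_RE = re.compile(r"\S+!\S+|\bZw\w+|\bNt\w+")               # "ntdll.dll!LdrLoadDll" or "ZwOpenKey"
JMP_MOD_RE = re.compile(r"\b(?:JMP|CALL) [0-9A-F]+\s*(.*)$")     # module path after the jump target


def parse_hook(line: str):
    """Return a dict for a hook or "?" line, None for any other log line."""
    kind, _, rest = line.strip().partition(" ")
    if kind == "?":
        return {"kind": "?", "detail": rest, "vendor": None, "module": None,
                "target": None, "process": None}
    if kind not in HOOK_KINDS:
        return None
    m = ATTR_RE.search(rest)
    if m:
        vendor = m.group(2).strip()
        before, after = rest[:m.start()], rest[m.end():]
    else:
        vendor, before, after = None, rest, ""
    if kind in ("SSDT", "Code"):
        module = before.strip() or None      # "SSDT <module> (attr) ZwX [0xADDR]"
        tm = TARGET_RE.search(after)
        process = None
    else:
        jm = JMP_MOD_RE.search(before)       # "... JMP <addr> <module> (attr)"
        module = (jm.group(1).strip() if jm else "") or None
        tm = TARGET_RE.search(before)
        # user-mode lines start with the hooked process; kernel lines have none
        process = (before[:tm.start()].strip() or None) if tm else None
    return {"kind": kind, "vendor": vendor, "module": module,
            "target": tm.group(0) if tm else None, "process": process}


def triage(lines, trusted=TRUSTED_VENDORS):
    """Return (findings, per-vendor counts of attributed hooks)."""
    findings, counts = [], defaultdict(int)
    for line in lines:
        hook = parse_hook(line)
        if hook is None:
            continue
        if hook["kind"] == "?":
            findings.append(("module GMER could not read", hook["detail"]))
        elif hook["vendor"] is None:
            findings.append(("unattributed hook", hook["target"]))
        elif hook["vendor"] not in trusted:
            findings.append((f"hook by unlisted vendor {hook['vendor']}", hook["target"]))
        else:
            counts[hook["vendor"]] += 1
    return findings, dict(counts)


SAMPLE_LINES = [
    # taken from the GMER log posted later in this thread
    r"SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEFC50728]",
    r".text ntoskrnl.exe!_abnormal_termination + B0 804E271C 4 Bytes JMP 0AEFC577",
    r"PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EFC61C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)",
    r"? C:\DOCUME~1\Jonny\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !",
    r".text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)",
    # constructed for the example (not in the thread): an unattributed user-mode
    # hook and a hook by a vendor that is not on the trusted list
    r".text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!NtQueryDirectoryFile 7C90D7BC 5 Bytes JMP 00A1C2D3",
    r"SSDT \??\C:\WINDOWS\system32\drivers\example.sys (example driver/Example Vendor) ZwCreateFile [0xF8A1B2C0]",
]

if __name__ == "__main__":
    # Usage: python gmer_triage.py gmer.log   (defaults to the sample lines)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LINES
    findings, counts = triage(lines)
    print("attributed hooks by vendor:", counts)
    for reason, detail in findings:
        print(f"REVIEW: {reason}: {detail}")
```

Hooks attributed to the installed antivirus are expected; the lines worth time are the ones GMER could not attribute to any module, hooks owned by a driver nobody installed, and modules it could not read. The unattributed `ntoskrnl.exe!_abnormal_termination` line from the real log is a case in point: the script cannot decide whether it is benign, it can only make sure it is not lost among a hundred avast lines.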


#3 tveye79

tveye79
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 27 January 2011 - 10:11 PM

Thanks for your reply.

I am still having issues with this computer. I do have a copy of Windows XP Setup; I think it is for Home Edition, which is what is installed on the computer. It is a Microsoft disk, but not the one which installed the Windows (I got the computer used). I can get into the Recovery Console through the Windows CD, but still cannot log into Windows under any mode. (I am not experiencing any issues with the computer running the C: drive.)

I have the hard drive in an external port now to scan it. It is labelled G: in the log files.

Here is the DDS log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonny at 20:13:53.21 on Thu 01/27/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.49 [GMT -6:00]


============== Running Processes ===============

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Jonny\Desktop\Kung Fu\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.yahoo.com/?p=us
uSearch Page = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
mSearchAssistant = about:blank
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim95\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} - hxxp://www.streamaudio.com/download/ccpm_0237.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R? ntxpusb;Gravis USB device driver
S? aswFsBlk;aswFsBlk
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? kid_sys;Kensington Input Devices Class filter driver

=============== Created Last 30 ================

2011-01-26 04:55:34 -------- d-----w- c:\docume~1\jonny\locals~1\applic~1\Temp
2011-01-25 15:08:38 -------- d-----w- c:\docume~1\jonny\locals~1\applic~1\Identities
2011-01-24 04:39:30 -------- d-----w- c:\windows\system32\NtmsData
2011-01-22 20:45:18 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-22 20:44:30 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-22 20:43:25 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-22 20:43:25 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-22 20:43:25 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-22 20:43:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-22 20:43:25 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-22 20:43:25 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-22 20:43:25 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-22 20:43:25 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-22 20:43:24 -------- d-----w- C:\449cbb8473e9f7881700b41444
2011-01-22 20:16:03 -------- d-----w- c:\program files\MSXML 6.0
2011-01-22 18:49:49 -------- d-----w- c:\program files\common files\ODBC
2011-01-22 18:20:38 -------- d-----w- c:\windows\ServicePackFiles
2011-01-22 18:04:29 -------- d-----w- c:\program files\MSXML 4.0
2011-01-22 17:30:23 -------- d-----w- C:\PMAIL
2011-01-22 01:53:46 1409 ----a-w- c:\windows\QTFont.for
2011-01-21 20:39:05 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-21 20:25:44 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-21 20:25:44 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-01-21 20:24:33 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-21 20:24:11 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-21 20:23:35 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-21 20:22:57 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2011-01-21 20:22:57 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-21 20:22:56 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-21 20:22:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-21 20:22:56 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-21 20:22:56 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-21 20:22:56 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-21 20:22:56 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-21 20:22:55 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-21 20:22:55 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-21 20:22:42 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-21 20:17:52 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-21 20:10:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-21 20:10:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-01-21 20:09:57 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-01-21 20:07:09 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-01-21 20:05:43 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-21 17:45:25 -------- d-----w- c:\docume~1\jonny\locals~1\applic~1\Opera

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-08 14:26:14 24040 ----a-w- c:\windows\TMPG001.TMP

============= FINISH: 20:18:27.78 ===============

{Here is the GMER Log}


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-27 21:28:00
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: gmer.exe; Driver: C:\DOCUME~1\Jonny\LOCALS~1\Temp\pxdoapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEFC50728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEFC577EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEFC576A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEFC57CA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEFC57BBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEFC57276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEFC507D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEFC5777E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEFC571B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEFC57218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEFC50870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEFC578C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEFC57D76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEFC57880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEFC57A04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEFC6482E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEFC64652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEFC6478C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + B0 804E271C 4 Bytes JMP 0AEFC577
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EFC61C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056469B 7 Bytes JMP EFC64656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP EFC64832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP EFC601EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A5972 7 Bytes JMP EFC64790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\DOCUME~1\Jonny\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[140] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[276] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\HPZipm12.exe[288] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[296] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\DOCUME~1\Jonny\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\DOCUME~1\Jonny\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[360] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[388] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[688] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[700] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[888] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[956] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\fxssvc.exe[1044] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1756] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[1888] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2676] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3160] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat BA7E4C8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Control@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Insertable@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus@ 0
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus\1
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\MiscStatus\1@ 131473
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ AxMetaStream.MetaStreamCtlSecondary.1
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ToolboxBitmap32@ C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll, 101
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID@ AxMetaStream.MetaStreamCtlSecondary

---- Files - GMER 1.0.15 ----

File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\chronotrigger.smc 4194816 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\mario rpg.smc 4194304 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\megamanx.smc 1573376 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\secret of mana.smc 2097664 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\super mario world.smc 524800 bytes
File G:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for SNES rom file sampler - 6 quality games emulation emulator rom smc super nintendo mario rpg chronotrigger secret of mana zelda link past megaman x.zip\Zelda link past.smc 1049088 bytes

---- EOF - GMER 1.0.15 ----


Thank you for your help, I am finding this site very eye opening and helpful.
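Every user-mode hook in the GMER log above resolves to the same module, Avast's snxhk.dll, while the two IAT entries in services.exe carry no module attribution at all. Reading that by eye over hundreds of lines is error-prone, so here is an added example (not part of the thread or of GMER itself) that parses the two line shapes GMER 1.0.15 prints for inline ".text" JMP patches and IAT entries, groups hooks by the module they land in, and flags hooks that GMER could not attribute to a module or that belong to a publisher other than the ones you expect on the machine. The sample lines are copied from the log above; the expected-publisher set is an assumption for this machine (Avast is the installed AV).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Sample taken from the GMER 1.0.15 log above: three inline hooks and two IAT entries.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\alg.exe[2356] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Opera\opera.exe[3372] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[688] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
"""


@dataclass(frozen=True)
class Hook:
    kind: str                  # "inline" (.text JMP patch) or "iat" (import table entry)
    process: str               # e.g. C:\WINDOWS\System32\alg.exe[2356]
    api: str                   # e.g. ADVAPI32.dll!CreateServiceW
    target: str                # address the hook transfers control to
    module: Optional[str]      # module GMER resolved the target into, if any
    publisher: Optional[str]   # text after "/" in GMER's "(description/publisher)"


# ".text <process>[pid] <dll>!<api> <addr> <n> Bytes JMP <target> [<module> (<desc>)]"
INLINE_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+\d+\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-F]+)(?:\s+(?P<module>[^(]+?)\s+\((?P<desc>[^)]*)\))?\s*$", re.I)
# "IAT <process>[pid] @ <host module> [<dll>!<api>] <target> [<module> (<desc>)]"
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?\[\d+\])\s+@\s+(?P<host>.+?)\s+\[(?P<api>[^\]]+)\]\s+"
    r"(?P<target>[0-9A-F]+)(?:\s+(?P<module>[^(]+?)\s+\((?P<desc>[^)]*)\))?\s*$", re.I)


def _publisher(desc: Optional[str]) -> Optional[str]:
    """GMER prints '(description/publisher)'; keep only the publisher part."""
    if not desc or "/" not in desc:
        return None
    return desc.rsplit("/", 1)[1].strip()


def parse_hooks(text: str) -> list:
    """Turn the user-mode hook sections of a GMER log into Hook records; other lines are ignored."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        kind, m = "inline", INLINE_RE.match(line)
        if not m:
            kind, m = "iat", IAT_RE.match(line)
        if not m:
            continue
        module = m.group("module")
        hooks.append(Hook(kind, m.group("process"), m.group("api"), m.group("target").upper(),
                          module.strip() if module else None, _publisher(m.group("desc"))))
    return hooks


def triage(hooks: list, expected_publishers: set) -> dict:
    """Group hooks by hooking module; list those with no module and those from an unexpected publisher."""
    by_module = Counter(h.module or "<unattributed>" for h in hooks)
    unattributed = [h for h in hooks if h.module is None]
    unexpected = [h for h in hooks if h.module is not None and h.publisher not in expected_publishers]
    return {"hooks_by_module": dict(by_module),
            "unattributed": unattributed,
            "unexpected_publisher": unexpected}


if __name__ == "__main__":
    report = triage(parse_hooks(SAMPLE_LOG), {"AVAST Software"})   # assumed expected vendor
    for module, count in report["hooks_by_module"].items():
        print(f"{count:4d}  {module}")
    for h in report["unattributed"]:
        print(f"REVIEW (no module): {h.process} {h.api} -> {h.target}")
    for h in report["unexpected_publisher"]:
        print(f"REVIEW (publisher {h.publisher!r}): {h.process} {h.api} -> {h.module}")
```

An unattributed hook is not evidence of malware by itself (the two services.exe IAT entries point into a small code region that GMER simply could not name); the script only reduces a long log to the handful of lines that deserve a manual look.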

#4 shelf life


  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 29 January 2011 - 12:20 PM

hi,

We will get two downloads to use. The first is TDSSKiller, the second is called Malwarebytes, which you can keep and use.

Please download TDSSKiller.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your Root drive Local Disk (C:) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report

Malwarebytes:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

How Can I Reduce My Risk to Malware?


#5 tveye79

  • Topic Starter

  • Members
  • 9 posts

Posted 31 January 2011 - 06:27 AM

I couldn't find a way to get TDSSKiller to scan an external drive. It only scanned the C: drive when I ran it and found nothing.

I did save TDSSKiller to my G: drive, and if I can run Windows from it now, I will run TDSSKiller in safe mode.

Here is the report from Malwarebytes:

Scan type: Full scan (G:\|)
Objects scanned: 269722
Time elapsed: 2 hour(s), 55 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109FD3D-D891-4f80-8339-50A4913ACE6F} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90B5A95A-AFD5-4d11-B9BD-A69D53D22226} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
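The post above notes that TDSSKiller only looked at the running C: drive, not the externally attached G: drive. The first sector of an attached disk can at least be read and inspected directly, which is where the avast detection on \\.\PhysicalDrive0 in the thread title lives. The following is an added example (not part of the thread, and not TDSSKiller's or Avast's logic) that parses the classic MBR layout (440 bytes of bootstrap code, 4-byte disk signature, four 16-byte partition entries, 0x55AA boot signature), sanity-checks the partition table, and compares the bootstrap code hash against a reference you supply. The 512-byte sample sector is constructed inline; the device paths in the comments are illustrative, and the reference hash is assumed to come from a known-clean machine with the same Windows version and OEM, since bootstrap code differs between them.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
BOOTSTRAP_LEN = 440               # x86 boot code; a 4-byte disk signature follows at offset 440
TABLE_OFFSET = 446                # four 16-byte partition entries
PARTITION_ENTRY = "<BBBBBBBBII"   # status, CHS start (3), type, CHS end (3), LBA start, sector count


@dataclass(frozen=True)
class PartitionEntry:
    index: int
    status: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80

    @property
    def lba_end(self) -> int:     # exclusive
        return self.lba_start + self.sectors


def read_first_sector(path: str) -> bytes:
    """Read the MBR from a raw device or a disk image.

    Illustrative paths: \\\\.\\PhysicalDrive1 on Windows, /dev/sdb on Linux (both need
    administrator/root); a dd image of the drive works the same way without privileges.
    """
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into bootstrap hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[PartitionEntry] = []
    for i in range(4):
        f = struct.unpack_from(PARTITION_ENTRY, sector, TABLE_OFFSET + 16 * i)
        status, type_id, lba, count = f[0], f[4], f[8], f[9]
        if type_id != 0 or status != 0:          # keep odd entries so the audit can flag them
            partitions.append(PartitionEntry(i, status, type_id, lba, count))
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
        "partitions": partitions,
    }


def audit_mbr(sector: bytes, reference_bootstrap_sha256: Optional[str] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if reference_bootstrap_sha256 and info["bootstrap_sha256"] != reference_bootstrap_sha256.lower():
        findings.append("bootstrap code differs from reference image")
    parts = info["partitions"]
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.type_id != 0 and p.sectors == 0:
            findings.append(f"partition {p.index}: zero-length partition")
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    used = sorted((p for p in parts if p.type_id != 0), key=lambda p: p.lba_start)
    for a, b in zip(used, used[1:]):
        if b.lba_start < a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def build_sample_mbr(bootstrap_fill: bytes) -> bytes:
    """Constructed test sector (not from the poster's drive): one bootable NTFS partition at LBA 63."""
    bootstrap = (bootstrap_fill * (BOOTSTRAP_LEN // len(bootstrap_fill) + 1))[:BOOTSTRAP_LEN]
    entry = struct.pack(PARTITION_ENTRY, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF, 63, 1_000_000)
    table = entry + b"\x00" * 48
    sector = bootstrap + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


if __name__ == "__main__":
    # Usage: python mbr_check.py <device-or-image> [reference-bootstrap-sha256]
    sector = read_first_sector(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
    reference = sys.argv[2] if len(sys.argv) > 2 else None
    info = parse_mbr(sector)
    print(f"bootstrap sha256: {info['bootstrap_sha256']}")
    for p in info["partitions"]:
        print(f"  entry {p.index}: type 0x{p.type_id:02X} start {p.lba_start} sectors {p.sectors} boot={p.bootable}")
    print("findings:", audit_mbr(sector, reference) or "none")
```

A matching bootstrap hash does not clear the disk on its own (the partition table and the boot sector of the active partition are separate objects), but a mismatch against a trusted reference is exactly the kind of change an MBR detection like the one in the thread title is reporting, and reading the sector offline is how to look at it when the tool on hand will not scan a secondary drive.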

#6 shelf life


  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 03 February 2011 - 07:40 PM

We will get another download to use as a check for malware. It's called ComboFix. There is a guide to read first. Read through the guide and apply the directions on your own machine. Please post the log it generates.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#7 tveye79

  • Topic Starter

  • Members
  • 9 posts

Posted 04 February 2011 - 12:42 AM

ComboFix 11-01-31.02 - Jonny 02/03/2011 22:52:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.96 [GMT -6:00]
Running from: c:\documents and settings\Jonny\Desktop\Kung Fu\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG

.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-01 01:01 . 2011-02-04 04:01 -------- d-----w- c:\documents and settings\Jonny\Application Data\Jarte
2011-02-01 01:00 . 2011-02-01 01:01 -------- d-----w- c:\program files\Jarte
2011-01-31 23:48 . 2011-01-31 23:50 -------- d-----w- c:\program files\Audiograbber
2011-01-31 02:44 . 2011-01-31 02:44 -------- d-----w- c:\documents and settings\Jonny\Application Data\Malwarebytes
2011-01-31 02:43 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 02:42 . 2011-01-31 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-31 02:42 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 02:42 . 2011-01-31 11:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 17:08 . 2011-01-30 17:08 -------- d-----w- c:\program files\Atari
2011-01-30 06:28 . 2011-01-30 17:00 -------- d-----w- c:\documents and settings\Jonny\Application Data\Youtube Downloader HD
2011-01-28 06:43 . 2011-01-28 06:44 -------- d-----w- c:\program files\Cobian Backup 8
2011-01-28 06:35 . 2011-01-28 06:35 -------- d-----w- c:\documents and settings\Jonny\Local Settings\Application Data\Safe mirror
2011-01-28 06:34 . 2011-01-28 06:34 -------- d-----w- c:\program files\Cobian Backup 10
2011-01-26 04:55 . 2011-01-26 04:55 -------- d-----w- c:\documents and settings\Jonny\Local Settings\Application Data\Temp
2011-01-25 15:08 . 2011-01-25 15:08 -------- d-----w- c:\documents and settings\Jonny\Local Settings\Application Data\Identities
2011-01-24 05:29 . 2011-01-24 05:29 -------- d-----w- c:\documents and settings\RainingDreaming
2011-01-24 04:39 . 2011-01-24 12:52 -------- d-----w- c:\windows\system32\NtmsData
2011-01-24 03:13 . 2011-01-24 03:13 -------- d-----w- c:\documents and settings\Gabriel\Local Settings\Application Data\Opera
2011-01-22 20:45 . 2011-01-22 20:45 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-22 20:45 . 2011-01-22 20:45 -------- d-----w- c:\program files\MSBuild
2011-01-22 20:44 . 2011-01-22 20:44 -------- d-----w- c:\program files\Reference Assemblies
2011-01-22 20:44 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-22 20:43 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-22 20:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-22 20:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-22 20:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-22 20:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-22 20:43 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-22 20:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-22 20:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-22 20:43 . 2011-01-22 20:44 -------- d-----w- C:\449cbb8473e9f7881700b41444
2011-01-22 20:16 . 2011-01-22 20:16 -------- d-----w- c:\program files\MSXML 6.0
2011-01-22 18:20 . 2011-01-22 18:20 -------- d-----w- c:\windows\ServicePackFiles
2011-01-22 18:04 . 2011-01-22 18:04 -------- d-----w- c:\program files\MSXML 4.0
2011-01-22 17:30 . 2011-01-22 17:31 -------- d-----w- C:\PMAIL
2011-01-22 01:53 . 2011-01-22 01:53 1409 ----a-w- c:\windows\QTFont.for
2011-01-21 20:39 . 2011-01-24 05:25 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-01-21 20:25 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-01-21 20:25 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-01-21 20:24 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2011-01-21 20:24 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-21 20:23 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-01-21 20:22 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2011-01-21 20:22 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2011-01-21 20:22 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2011-01-21 20:22 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2011-01-21 20:22 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-21 20:22 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2011-01-21 20:22 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2011-01-21 20:22 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-21 20:22 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-21 20:22 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2011-01-21 20:22 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2011-01-21 20:17 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-01-21 20:10 . 2011-01-22 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-21 20:10 . 2011-01-21 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-21 20:09 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2011-01-21 20:07 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2011-01-21 20:05 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2011-01-21 17:45 . 2011-01-21 17:45 -------- d-----w- c:\documents and settings\Jonny\Local Settings\Application Data\Opera
2011-01-21 17:45 . 2011-01-31 14:19 -------- d-----w- c:\program files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-12-15 19:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-12-15 19:35 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-12-15 19:37 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-12-15 19:37 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-12-15 19:37 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-12-15 19:37 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-12-15 19:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-12-15 19:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-12-15 19:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-08 14:26 . 2009-11-16 20:58 24040 ----a-w- c:\windows\TMPG001.TMP
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^KEN^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\KEN\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\SYSTEM32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 06:05 122939 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
2002-02-26 16:05 36864 ----a-w- c:\windows\SYSTEM32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-19 19:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2006-07-30 01:34 5354792 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-10-22 18:57 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-07-26 08:03 49263 ----a-w- c:\program files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
2006-02-27 19:15 131072 ----a-w- c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/15/2010 1:37 PM 294608]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\SYSTEM32\DRIVERS\KID_SYS.sys [11/16/2009 2:57 PM 11920]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/15/2010 1:37 PM 17744]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [1/28/2011 12:34 AM 67584]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [1/30/2011 8:43 PM 38224]
S3 ntxpusb;Gravis USB device driver;c:\windows\SYSTEM32\DRIVERS\ntxpusb.sys [11/16/2009 2:57 PM 266432]
.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\avast! Free Antivirus.job
- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe [2010-12-15 08:47]

2011-02-03 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2011-01-21 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?p=us
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1033&fid=RegXPWizCredOnly
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AIM - c:\progra~1\AIM95\aim.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\ypager.exe
MSConfigStartUp-YOP - c:\progra~1\Yahoo!\YOP\yop.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 23:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-03 23:14:17
ComboFix-quarantined-files.txt 2011-02-04 05:13

Pre-Run: 55,817,396,224 bytes free
Post-Run: 56,113,889,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - AECB58B8549F6406965E34A9776665F5

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:28 AM

Posted 05 February 2011 - 04:43 PM

Well, as far as malware goes, the log looks ok. But that's your C drive. Did you manage to run TDSSKiller on your G drive?

How Can I Reduce My Risk to Malware?


#9 tveye79

tveye79
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 AM

Posted 06 February 2011 - 07:35 PM

I am having a lot of trouble finding a way to run TDSSKiller on the G:\ drive. I tried booting up with that as the main hard drive, but it is still cycling back to the start in the safe mode, etc. menu. I can get the Recovery Console to load from a CD, but I'm not sure if there is a way to run TDSSKiller through that. I also tried starting up with Safe Mode with Command Prompt, but that just goes back to the main boot screen again as well.

It stops loading at mup.sys and then goes to the startup screen. The computer is a Compaq.

My main concern right now is getting some files from the drive. I have backed up the drive using DriveImage XML, but I cannot find certain folders I had (containing family pictures and some of my wife's band's recordings). Everything else I have backed up elsewhere.


Any suggestions?

#10 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:28 AM

Posted 06 February 2011 - 07:49 PM

So the G drive is attached via USB to another computer, correct? You can't browse files on the attached G drive. Do you see the G drive if you double-click My Computer?

How Can I Reduce My Risk to Malware?


#11 tveye79

tveye79
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 AM

Posted 06 February 2011 - 10:52 PM

Yes. I have a few spare hard drive cases, so I can connect the 'sick' drive to this computer (which I didn't have connected to the internet until recently), and I can also set it back in the original casing and run it as a separate system (this is when I cannot start Windows).

Sorry for any confusion.

#12 tveye79

tveye79
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 AM

Posted 06 February 2011 - 10:55 PM

I can browse files on the G:\ drive, except it will not let me into Administrator ('access is denied'), and I cannot locate files I had on that drive under Administrator (when browsing the backup files in DriveImage XML).

#13 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:28 AM

Posted 07 February 2011 - 09:43 PM

(this is when I cannot start windows).

So it's the only HD in the computer and it just won't boot up into Windows? Have you thought about doing a repair of XP? It's just a thought; you would need XP installation media. It would leave the files on the drive alone. That's assuming the HD itself is ok and not the problem.

Info.

How Can I Reduce My Risk to Malware?


#14 tveye79

tveye79
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 AM

Posted 08 February 2011 - 12:52 AM

Well, I was able to get the computer to boot using BartPE and a boot disk today. I have backed up and scanned all important data.

I am going to run TDSSKiller and post the results. I should also now be able to run ComboFix on that computer as well.

#15 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:08:28 AM

Posted 08 February 2011 - 04:56 PM

ok.

How Can I Reduce My Risk to Malware?

