unknown issue, something's eating diskspace


  • This topic is locked
19 replies to this topic

#1 ZT-repairseek

ZT-repairseek

  • Members
  • 177 posts
  • OFFLINE
  • Local time:10:50 PM

Posted 10 February 2011 - 08:41 PM

well, as I've detailed http://www.bleepingcomputer.com/forums/topic377981.html/ <- there, something's eating up disk space even when the comp is sitting idle, and on some odd occasions giving a little back, but it's still more than what ought to be used... and MBAM/AVAST came up clean. O_o so here's an HJT log to see if there's anything that leaps out at anyone. I hadn't gotten to running dds and gmer tho. I've left the machine off since making this log to keep the problem state from changing on the fine helpers around here. I hope we can figure this one out soon; I'm struggling on with a laptop that's on borrowed time, n' as a nerd whose entire social cloud is online... going completely without isn't really acceptable. n' I hope to not have to dig back out my 11 year old box that sounds at all times like it wants to explode. (sorry for the minor venting)


~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:47 PM, on 2/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mmc.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Tools\HJT\findstuffwrong.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3998 bytes



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:50 AM

Posted 17 February 2011 - 08:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 ZT-repairseek

ZT-repairseek
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  • Local time:10:50 PM

Posted 18 February 2011 - 06:30 PM

well. the fluctuations aren't acting the same this bootup. don't really get it... but it bothers me having what seems to be 50gb of files when I select all and hit properties, but having the drive's properties box tell me it's 87+GB.

here we go with DDR, defogger, gmer, and a spare HJT just for good measure. nothing buzzed at me, but...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


DDS (Ver_10-12-12.02) - NTFSx86
Run by ZT01 at 15:59:53.01 on Fri 02/18/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2329 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Tools\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\freedownloadmanager\iefdm2.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast5] "c:\program files\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\freedownloadmanager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\freedownloadmanager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\freedownloadmanager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\freedownloadmanager\dllink.htm
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-6 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-6 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-6 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2011-2-6 40384]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
S3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\drivers\awealloc.sys [2011-2-1 15184]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\drivers\imdisk.sys [2011-2-1 28888]
S3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2011-2-1 10240]

=============== Created Last 30 ================

2011-02-07 01:02:40 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-07 01:02:38 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{10e3530b-f171-4d22-91d5-18e84fe75435}\mpengine.dll
2011-02-06 23:41:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-06 23:35:23 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-06 23:34:51 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 23:34:42 -------- d-----w- c:\program files\Avast5
2011-02-06 23:34:42 -------- d-----w- c:\progra~2\Alwil Software
2011-02-05 22:36:58 -------- d-----w- c:\program files\TotalVideoConverter
2011-02-05 22:32:59 -------- d-----w- c:\users\zt01\appdata\roaming\Softplicity
2011-02-05 22:32:56 -------- d-----w- c:\program files\TotalAudioConverter
2011-02-04 01:43:49 -------- d-----w- C:\sysreset
2011-02-04 01:20:48 -------- d-----w- c:\progra~2\NVIDIA Corporation
2011-02-04 01:17:06 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-02-04 01:17:06 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-02-04 01:17:06 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-04 01:17:06 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-04 01:17:06 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-04 01:17:06 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-04 01:17:06 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-04 01:17:06 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-04 01:17:06 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-04 01:16:42 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-04 01:16:28 -------- d-----w- C:\NVIDIA
2011-02-04 01:10:59 -------- d-----w- C:\-Artwork-
2011-02-04 01:10:50 -------- d-----w- C:\-Arrivals-
2011-02-03 02:53:55 -------- d-----w- C:\ICON
2011-02-02 06:23:20 -------- d-----w- C:\Wallpaper
2011-02-02 06:20:25 -------- d-----w- c:\users\zt01\appdata\roaming\NoteTab Pro
2011-02-02 06:20:22 -------- d-----w- c:\program files\NoteTabPro6
2011-02-02 05:36:05 -------- d-----w- C:\MyStuff
2011-02-02 05:03:57 276992 ----a-w- c:\windows\system32\a3dapi.dll
2011-02-02 04:42:09 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
2011-02-02 04:42:09 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
2011-02-02 04:42:09 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
2011-02-02 04:42:08 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
2011-02-02 04:42:08 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
2011-02-02 04:42:06 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2011-02-02 04:42:06 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2011-02-02 04:31:54 614912 ------w- c:\windows\eiunin21.exe
2011-02-02 04:18:57 -------- d-----w- C:\ReNamer
2011-02-02 04:18:42 -------- d-----w- C:\muTorrent
2011-02-02 04:18:05 -------- d-----w- C:\GeoClock
2011-02-02 04:06:35 -------- d-----w- C:\Emulation
2011-02-02 03:47:05 86016 ----a-w- c:\windows\system32\imdisk.cpl
2011-02-02 03:47:05 36864 ----a-w- c:\windows\system32\imdisk.exe
2011-02-02 03:47:05 28888 ----a-w- c:\windows\system32\drivers\imdisk.sys
2011-02-02 03:47:05 15184 ----a-w- c:\windows\system32\drivers\awealloc.sys
2011-02-02 03:47:05 10240 ----a-w- c:\windows\system32\imdsksvc.exe
2011-02-02 03:28:06 -------- d-----w- C:\ISO
2011-02-02 02:37:16 -------- d-----w- c:\users\zt01\appdata\roaming\FALCOM
2011-02-02 01:27:26 62208 ----a-w- c:\windows\iun1401.exe
2011-02-02 01:24:55 -------- d-----w- c:\program files\HexWorkshop4.1
2011-02-02 01:22:00 -------- d-----w- C:\MPC
2011-02-02 01:19:03 -------- d-----w- c:\program files\WinAce
2011-02-02 01:16:42 -------- d-----w- C:\CALC98
2011-02-02 00:45:05 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-02 00:43:43 86528 ----a-w- c:\windows\bnetunin.exe
2011-02-02 00:43:43 61440 ----a-w- c:\windows\diabunin.exe
2011-02-01 23:43:22 -------- d-----w- c:\users\zt01\appdata\roaming\Foxit Software
2011-02-01 23:39:06 -------- d-----w- C:\ToInst
2011-02-01 23:33:30 -------- d-----w- c:\program files\AnimationShop3
2011-02-01 23:28:38 -------- d-----w- c:\program files\common files\Jasc Software Inc
2011-02-01 23:28:20 -------- d-----w- c:\program files\PSP9
2011-02-01 05:39:10 -------- d-----w- c:\users\zt01\appdata\roaming\Malwarebytes
2011-02-01 05:35:24 -------- d-----w- C:\NTLEA
2011-02-01 05:33:35 -------- d-----w- c:\users\zt01\appdata\roaming\NoteTab Light
2011-02-01 05:30:28 -------- d-----w- c:\program files\WinCDEmu
2011-02-01 05:29:43 -------- d-----w- c:\program files\FoxitReader
2011-02-01 05:28:59 -------- d-----w- c:\users\zt01\appdata\roaming\Free Download Manager
2011-02-01 05:28:57 -------- d-----w- c:\program files\FreeDownloadManager
2011-02-01 05:28:57 -------- d-----w- c:\progra~2\FreeDownloadManager.ORG
2011-02-01 01:28:47 -------- d-----w- c:\users\zt01\appdata\local\Frameworkx.com
2011-02-01 01:27:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-01 01:27:43 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-01 01:27:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 01:26:01 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-02-01 01:26:01 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-02-01 01:18:33 -------- d-----w- c:\windows\system32\eu-ES
2011-02-01 01:18:33 -------- d-----w- c:\windows\system32\ca-ES
2011-02-01 01:18:32 -------- d-----w- c:\windows\system32\vi-VN
2011-02-01 01:16:16 -------- d-----w- c:\windows\system32\SPReview
2011-02-01 01:10:05 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-02-01 01:10:01 57856 ----a-w- c:\windows\system32\compcln.exe
2011-02-01 01:05:24 -------- d-----w- c:\windows\system32\EventProviders
2011-02-01 01:02:53 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-01 00:48:21 -------- d-----w- C:\Tools
2011-02-01 00:48:08 -------- d-----w- C:\Games
2011-01-31 05:28:20 -------- d---a-w- C:\book
2011-01-31 05:23:30 -------- d-----w- c:\users\zt01\appdata\local\Seven Zip

==================== Find3M ====================


============= FINISH: 16:00:19.18 ===============



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:01 on 18/02/2011 (ZT01)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-18 16:21:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004d WDC_WD32 rev.01.0
Running: qouih4t9823b65y2.exe; Driver: C:\Users\ZT01\AppData\Local\Temp\uxtyrpog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8CFCB82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8CFCB652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8CFCB78C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 81D77DF0 7 Bytes JMP 8CFCB790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81DE328F 5 Bytes JMP 8CFC71EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E3BF78 5 Bytes JMP 8CFC8C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 81E3D803 7 Bytes JMP 8CFCB656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81E9D796 7 Bytes JMP 8CFCB832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\ZT01\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[264] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[264] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[280] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[304] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1492] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1500] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[1656] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\DRIVERS\xaudio.exe[1692] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1720] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1728] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Avast5\AvastSvc.exe[1752] kernel32.dll!SetUnhandledExceptionFilter 7658A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[1760] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1760] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskeng.exe[2092] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\RtHDVCpl.exe[2148] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[2176] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] USER32.dll!SetWinEventHook 779B9F3A 5 Bytes JMP 64D0B720 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2228] USER32.dll!UnhookWinEvent 779BC06F 5 Bytes JMP 64D0B8A0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ntdll.dll!LdrLoadDll 778A9390 5 Bytes JMP 64D06950 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ntdll.dll!LdrUnloadDll 778BBA50 5 Bytes JMP 64D069B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!CreateServiceW 767A9EB4 5 Bytes JMP 64D072B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!DeleteService 767AA07E 5 Bytes JMP 64D078E0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!SetServiceObjectSecurity 767E6CD9 5 Bytes JMP 64D09D40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!ChangeServiceConfigA 767E6DD9 5 Bytes JMP 64D07AE0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!ChangeServiceConfigW 767E6F81 5 Bytes JMP 64D07ED0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!ChangeServiceConfig2A 767E7099 5 Bytes JMP 64D08290 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!ChangeServiceConfig2W 767E71E1 5 Bytes JMP 64D083C0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] ADVAPI32.dll!CreateServiceA 767E72A1 5 Bytes JMP 64D06E40 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] USER32.dll!SetWindowsHookExA 779B6322 5 Bytes JMP 64D0B9B0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] USER32.dll!SetWindowsHookExW 779B87AD 5 Bytes JMP 64D0BB30 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Tools\qouih4t9823b65y2.exe[2308] USER32.dll!UnhookWindowsHookEx 779B98DB 5 Bytes JMP 64D0BCB0 C:\Program Files\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:44 PM, on 2/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Tools\HJT\findstuffwrong.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\FreeDownloadManager\iefdm2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\FreeDownloadManager\dllink.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3904 bytes




~~~~~~~~~~~~~~~~~~~~~~~~~


*-EDIT-*

that's weird. the creep stops if I disable AVAST's shields, but it was originally doing this before I even installed AVAST. something else to figure out... but either way, time with them on had the space creep up from 87.7 to 87.9 gigs. and either way, there's still only around 50 gigs actually used judging from both windows explorer AND a separate tool. and windows' error checker didn't seem to find anything during the bootup scan it insisted on doing.

more food for thought on this one. >.<;

*-EDIT#2-*

I take that back. it doesn't stop it, it just slows it IMMENSELY.

Edited by ZT-repairseek, 18 February 2011 - 08:02 PM.


#4 m0le


Posted 18 February 2011 - 08:21 PM

This doesn't look to be a malware issue but we need to check a few things first.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 ZT-repairseek


Posted 19 February 2011 - 05:42 PM

well. it didn't seem to find anything. the whole "space usage increasing without anything being done" stuff is still going on though...
this is really irritating me. I finally go to use the machine and now using it advances something I'm not sure the cause or cure for. >.<;



2011/02/19 17:39:13.0704 3536 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 17:39:13.0766 3536 ================================================================================
2011/02/19 17:39:13.0766 3536 SystemInfo:
2011/02/19 17:39:13.0766 3536
2011/02/19 17:39:13.0766 3536 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/19 17:39:13.0766 3536 Product type: Workstation
2011/02/19 17:39:13.0766 3536 ComputerName: NEBULUS01
2011/02/19 17:39:13.0766 3536 UserName: ZT01
2011/02/19 17:39:13.0766 3536 Windows directory: C:\Windows
2011/02/19 17:39:13.0766 3536 System windows directory: C:\Windows
2011/02/19 17:39:13.0766 3536 Processor architecture: Intel x86
2011/02/19 17:39:13.0766 3536 Number of processors: 2
2011/02/19 17:39:13.0766 3536 Page size: 0x1000
2011/02/19 17:39:13.0766 3536 Boot type: Normal boot
2011/02/19 17:39:13.0766 3536 ================================================================================
2011/02/19 17:39:14.0063 3536 Initialize success
2011/02/19 17:39:25.0778 3732 ================================================================================
2011/02/19 17:39:25.0778 3732 Scan started
2011/02/19 17:39:25.0778 3732 Mode: Manual;
2011/02/19 17:39:25.0778 3732 ================================================================================
2011/02/19 17:39:32.0377 3732 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/02/19 17:39:32.0455 3732 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/19 17:39:32.0517 3732 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/02/19 17:39:32.0595 3732 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/19 17:39:32.0642 3732 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/19 17:39:32.0689 3732 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/19 17:39:32.0720 3732 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/19 17:39:32.0751 3732 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/19 17:39:32.0783 3732 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/19 17:39:32.0814 3732 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/19 17:39:32.0829 3732 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/19 17:39:32.0861 3732 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/02/19 17:39:32.0876 3732 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/19 17:39:32.0923 3732 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/19 17:39:32.0970 3732 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/19 17:39:33.0001 3732 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/19 17:39:33.0048 3732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/19 17:39:33.0095 3732 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/19 17:39:33.0110 3732 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/19 17:39:33.0157 3732 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/19 17:39:33.0204 3732 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/02/19 17:39:33.0235 3732 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/19 17:39:33.0251 3732 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/19 17:39:33.0282 3732 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/19 17:39:33.0313 3732 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/02/19 17:39:33.0344 3732 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/02/19 17:39:33.0344 3732 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/02/19 17:39:33.0391 3732 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/19 17:39:33.0422 3732 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/19 17:39:33.0453 3732 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
2011/02/19 17:39:33.0485 3732 srv2 (d69b44e3b000c2ff583f10c65489b4fb) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/19 17:39:33.0516 3732 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/19 17:39:33.0547 3732 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/19 17:39:33.0594 3732 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/19 17:39:33.0609 3732 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/19 17:39:33.0641 3732 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/19 17:39:33.0719 3732 Tcpip (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\drivers\tcpip.sys
2011/02/19 17:39:33.0750 3732 Tcpip6 (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/19 17:39:33.0781 3732 tcpipreg (b085a1c98f96ba7882a27b001becf5ac) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/19 17:39:33.0812 3732 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/19 17:39:33.0828 3732 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/19 17:39:33.0859 3732 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/19 17:39:33.0890 3732 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/19 17:39:33.0968 3732 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/19 17:39:33.0984 3732 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/19 17:39:33.0999 3732 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/19 17:39:34.0031 3732 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/02/19 17:39:34.0062 3732 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/19 17:39:34.0109 3732 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/19 17:39:34.0124 3732 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/02/19 17:39:34.0155 3732 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/19 17:39:34.0171 3732 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/19 17:39:34.0202 3732 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/19 17:39:34.0233 3732 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/02/19 17:39:34.0265 3732 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/19 17:39:34.0327 3732 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/19 17:39:34.0389 3732 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/19 17:39:34.0405 3732 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/19 17:39:34.0452 3732 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/02/19 17:39:34.0467 3732 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/19 17:39:34.0499 3732 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/19 17:39:34.0530 3732 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/19 17:39:34.0561 3732 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/19 17:39:34.0577 3732 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/02/19 17:39:34.0608 3732 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/02/19 17:39:34.0639 3732 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/19 17:39:34.0655 3732 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/19 17:39:34.0686 3732 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/19 17:39:34.0717 3732 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/19 17:39:34.0748 3732 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/02/19 17:39:34.0795 3732 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/19 17:39:34.0842 3732 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 17:39:34.0857 3732 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/19 17:39:34.0904 3732 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/02/19 17:39:34.0951 3732 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/19 17:39:35.0045 3732 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/02/19 17:39:35.0154 3732 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/19 17:39:35.0201 3732 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/19 17:39:35.0247 3732 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/19 17:39:35.0279 3732 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/02/19 17:39:35.0403 3732 ================================================================================
2011/02/19 17:39:35.0403 3732 Scan finished
2011/02/19 17:39:35.0403 3732 ================================================================================
2011/02/19 17:39:47.0696 3528 Deinitialize success

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:50 AM

Posted 19 February 2011 - 08:07 PM

Then let's let Combofix take a look

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 ZT-repairseek

Posted 20 February 2011 - 05:02 PM

well, since it's vista, there's no recovery console to go from. . . at least, from what I can find from MS themselves. and so CF didn't ask.
to my dismay, in the relatively small time combofix took, the used space made it up to a full 88gb. >.<



ComboFix 11-02-20.01 - ZT01 02/20/2011 16:52:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2200 [GMT -5:00]
Running from: c:\users\ZT01\Desktop\ComFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 21:56 . 2011-02-20 21:56 -------- d-----w- c:\users\ZT01\AppData\Local\temp
2011-02-20 21:56 . 2011-02-20 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-07 01:02 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10E3530B-F171-4D22-91D5-18E84FE75435}\mpengine.dll
2011-02-06 23:41 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-06 23:35 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 23:35 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 23:35 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-06 23:35 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 23:34 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 23:34 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 23:34 . 2011-02-06 23:35 -------- d-----w- c:\program files\Avast5
2011-02-06 23:34 . 2011-02-06 23:34 -------- d-----w- c:\programdata\Alwil Software
2011-02-05 22:36 . 2011-02-05 22:37 -------- d-----w- c:\program files\TotalVideoConverter
2011-02-05 22:32 . 2011-02-05 22:32 -------- d-----w- c:\users\ZT01\AppData\Roaming\Softplicity
2011-02-05 22:32 . 2011-02-05 22:32 -------- d-----w- c:\program files\TotalAudioConverter
2011-02-04 01:43 . 2011-02-04 01:55 -------- d-----w- C:\sysreset
2011-02-04 01:20 . 2011-02-04 01:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-02-04 01:17 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-02-04 01:17 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-02-04 01:17 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-04 01:17 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-04 01:17 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-04 01:17 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-04 01:17 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-04 01:17 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-04 01:17 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-04 01:16 . 2011-02-04 01:21 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-04 01:16 . 2011-02-04 01:16 -------- d-----w- C:\NVIDIA
2011-02-04 01:10 . 2011-02-05 23:26 -------- d-----w- C:\-Artwork-
2011-02-04 01:10 . 2011-02-07 01:05 -------- d-----w- C:\-Arrivals-
2011-02-03 02:53 . 2011-02-03 02:54 -------- d-----w- C:\ICON
2011-02-02 06:23 . 2011-02-03 05:49 -------- d-----w- C:\Wallpaper
2011-02-02 06:20 . 2011-02-02 06:21 -------- d-----w- c:\users\ZT01\AppData\Roaming\NoteTab Pro
2011-02-02 06:20 . 2011-02-02 06:20 -------- d-----w- c:\program files\NoteTabPro6
2011-02-02 05:36 . 2011-02-02 05:36 -------- d-----w- C:\MyStuff
2011-02-02 05:03 . 1999-03-08 12:19 276992 ----a-w- c:\windows\system32\a3dapi.dll
2011-02-02 04:42 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-02-02 04:42 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-02-02 04:42 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-02-02 04:42 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-02-02 04:42 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-02-02 04:42 . 2011-02-02 04:42 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-02-02 04:42 . 2011-02-02 04:42 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-02-02 04:31 . 2010-01-04 07:14 614912 ------w- c:\windows\eiunin21.exe
2011-02-02 04:18 . 2011-02-04 04:26 -------- d-----w- C:\ReNamer
2011-02-02 04:18 . 2011-02-02 04:18 -------- d-----w- C:\muTorrent
2011-02-02 04:18 . 2011-02-02 04:18 -------- d-----w- C:\GeoClock
2011-02-02 04:06 . 2011-02-02 05:25 -------- d-----w- C:\Emulation
2011-02-02 03:47 . 2010-12-09 15:40 36864 ----a-w- c:\windows\system32\imdisk.exe
2011-02-02 03:47 . 2010-12-09 15:40 86016 ----a-w- c:\windows\system32\imdisk.cpl
2011-02-02 03:47 . 2010-12-07 12:20 28888 ----a-w- c:\windows\system32\drivers\imdisk.sys
2011-02-02 03:47 . 2010-12-07 12:20 10240 ----a-w- c:\windows\system32\imdsksvc.exe
2011-02-02 03:47 . 2010-12-07 10:26 15184 ----a-w- c:\windows\system32\drivers\awealloc.sys
2011-02-02 03:28 . 2011-02-02 05:01 -------- d-----w- C:\ISO
2011-02-02 02:37 . 2011-02-05 21:59 -------- d-----w- c:\users\ZT01\AppData\Roaming\FALCOM
2011-02-02 01:27 . 2011-02-02 01:27 62208 ----a-w- c:\windows\iun1401.exe
2011-02-02 01:24 . 2011-02-02 01:24 -------- d-----w- c:\program files\HexWorkshop4.1
2011-02-02 01:22 . 2011-02-02 01:22 -------- d-----w- C:\MPC
2011-02-02 01:21 . 2011-02-02 01:21 -------- d-----w- c:\users\ZT01\AppData\Roaming\Media Player Classic
2011-02-02 01:19 . 2011-02-02 01:19 -------- d-----w- c:\program files\WinAce
2011-02-02 01:16 . 2011-02-02 01:17 -------- d-----w- C:\CALC98
2011-02-02 01:11 . 2011-02-02 01:11 -------- d-----w- c:\users\ZT01\AppData\Roaming\Leadertech
2011-02-02 00:45 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-02 00:43 . 2011-02-02 00:43 86528 ----a-w- c:\windows\bnetunin.exe
2011-02-02 00:43 . 2011-02-02 00:43 61440 ----a-w- c:\windows\diabunin.exe
2011-02-02 00:29 . 2011-02-05 00:03 -------- d-----w- c:\program files\Winamp
2011-02-01 23:43 . 2011-02-01 23:43 -------- d-----w- c:\users\ZT01\AppData\Roaming\Foxit Software
2011-02-01 23:39 . 2011-02-02 02:23 -------- d-----w- C:\ToInst
2011-02-01 23:33 . 2011-02-01 23:33 -------- d-----w- c:\program files\AnimationShop3
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\programdata\InstallShield
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2011-02-01 23:28 . 2011-02-01 23:29 -------- d-----w- c:\program files\PSP9
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\users\ZT01\AppData\Roaming\Jasc Software Inc
2011-02-01 05:39 . 2011-02-01 05:39 -------- d-----w- c:\users\ZT01\AppData\Roaming\Malwarebytes
2011-02-01 05:35 . 2011-02-01 05:35 -------- d-----w- C:\NTLEA
2011-02-01 05:33 . 2011-02-01 05:34 -------- d-----w- c:\users\ZT01\AppData\Roaming\NoteTab Light
2011-02-01 05:31 . 2011-02-01 05:31 -------- d-----w- c:\program files\7-Zip
2011-02-01 05:30 . 2011-02-01 05:30 -------- d-----w- c:\program files\WinCDEmu
2011-02-01 05:29 . 2011-02-01 05:30 -------- d-----w- c:\program files\FoxitReader
2011-02-01 05:28 . 2011-02-01 05:28 -------- d-----w- c:\users\ZT01\AppData\Roaming\Free Download Manager
2011-02-01 05:28 . 2011-02-01 05:29 -------- d-----w- c:\program files\FreeDownloadManager
2011-02-01 05:28 . 2011-02-01 05:28 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-02-01 01:28 . 2011-02-01 01:28 -------- d-----w- c:\users\ZT01\AppData\Local\Frameworkx.com
2011-02-01 01:27 . 2011-02-01 01:27 -------- d-----w- c:\programdata\Malwarebytes
2011-02-01 01:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-01 01:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 01:26 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-02-01 01:26 . 2010-01-11 00:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\ca-ES
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\eu-ES
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\vi-VN
2011-02-01 01:16 . 2011-02-01 01:16 -------- d-----w- c:\windows\system32\SPReview
2011-02-01 01:10 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-02-01 01:10 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
2011-02-01 01:05 . 2011-02-01 01:05 -------- d-----w- c:\windows\system32\EventProviders
2011-02-01 01:02 . 2011-02-01 01:02 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-01 00:48 . 2011-02-18 23:12 -------- d-----w- C:\Tools
2011-02-01 00:48 . 2011-02-02 00:43 -------- d-----w- C:\Games
2011-01-31 05:28 . 2011-01-31 05:28 -------- d---a-w- C:\book
2011-01-31 05:23 . 2011-01-31 05:23 -------- d-----w- c:\users\ZT01\AppData\Local\Seven Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 01:27 . 2011-02-02 01:27 1409 ----a-w- c:\windows\Fonts\MAIDWORD.fot
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast5"="c:\program files\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3266769259-3880101330-600960622-1000]
"EnableNotificationsRef"=dword:00000001

R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [2010-12-07 15184]
R3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [2010-12-07 28888]
R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2010-12-07 10240]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2010-10-28 98400]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
IE: Download all with Free Download Manager - file://c:\program files\FreeDownloadManager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\FreeDownloadManager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\FreeDownloadManager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\FreeDownloadManager\dllink.htm
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Hellfire - c:\games\offline\diablo\SIERRA\HELLFIRE\Uninst.isu
AddRemove-{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1 - c:\games\Offline\TouhouHisouTensoku\th123\unins000.exe
AddRemove-{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1 - c:\games\Offline\TouhouHisouten\th105\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 16:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*8*瑢ck\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\MOSS\W*i*n*d*o*w*s*Hr菇b!\{6A36DFA4-83F5-FC67-DDB2-0AD22AB03E71}]
"DesktopFolder"="c:\\Users\\Public\\Desktop\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2732)
c:\windows\system32\ieframe.dll
.
Completion time: 2011-02-20 16:57:48
ComboFix-quarantined-files.txt 2011-02-20 21:57

Pre-Run: 214,827,307,008 bytes free
Post-Run: 214,697,984,000 bytes free

- - End Of File - - 09E4D56D888E7C616976692741B763D9

#8 m0le

Posted 20 February 2011 - 05:13 PM

Vista has its own recovery console built in so no worries there :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

RegNull::
[HKEY_USERS\S-1-5-21-3266769259-3880101330-600960622-1000\Software \Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*8*瑢ck \OpenWithList]
[HKEY_LOCAL_MACHINE\SOFTWARE\MOSS\W*i*n*d*o*w*s*Hr菇b!\{6A36DFA4-83F5-FC67-DDB2-0AD22AB03E71}]


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please also run this to check for a nasty rootkit which does like to add large GB folders

Download and run HAMeb_check.exe

Post the contents of the resulting log.

#9 ZT-repairseek

Posted 21 February 2011 - 02:06 PM

um... before I try to feed that into combofix, er, for some reason it looks like what you're telling me to use is having an encoding hiccup and I'm seeing some chinese-looking symbols in it, immediately before "ck \OpenWithList" and just after "W*i*n*d*o*w*s*Hr". should I copy-paste out of the page source for this thread, or might that be messed too? I just want to be sure, because as all the warnings go, combofix can really eat one's system if it's directed incorrectly. and having checked on a different computer, I can say that it's not the laptop's current settings causing the aforementioned apparent hiccup.

#10 m0le

Posted 21 February 2011 - 05:42 PM

Good to check that with me :thumbup2:

The entry in the log actually shows these characters, so it isn't an error; that really is what they say.

This is just checking whether this is a malicious entry or just an entry using unicode. It will leave it alone if it's legitimate but remove it if it's malicious. Nothing to worry about.

#11 ZT-repairseek

Posted 21 February 2011 - 06:14 PM

hrm. space used went down slightly between the previous boot and this one to run CF and that rootkit finder thing, but -I can't find out how it is now because now that CF ran and gave me its log, I'm getting "Illegal Operation attempted on a Registry Key that has been marked for deletion" error if I try to open windows explorer in any form, be it the [my computer] shortcut, winkey+E, or the control panel. this... sounds like I have a new problem. or is it a need for a reboot?

Edited by ZT-repairseek, 21 February 2011 - 06:16 PM.


#12 m0le

Posted 21 February 2011 - 06:17 PM

Reboot. Correct :thumbup2:

#13 ZT-repairseek

Posted 21 February 2011 - 06:33 PM

space used went down a little more. and then it went back up to 88GB. and now selecting everything on C:\ and hitting properties tells me there's actually 90.8GB used. a program I was directed to that visualizes space use(WinDirStat) tells me that systemvolumeinformation is now taking up 40.2GB of that, but there remains the fact I'm getting a different answer from that and hitting properties on all of what's on C:\, than what hitting properties on C:\ tells me. >.< and either way, when this problem is solved, I'd like that 40gigs back. *sweat* -*and the creep in the drive properties box is still happening, because it's now saying 88.10
also that HAMeb thing says it's not compatible with my system. here's the CF log that I got when it finished its run:


~~~~~~~~~~~~~

ComboFix 11-02-20.01 - ZT01 02/21/2011 18:06:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2276 [GMT -5:00]
Running from: c:\users\ZT01\Desktop\ComFix.exe
Command switches used :: c:\users\ZT01\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))
.

2011-02-21 23:10 . 2011-02-21 23:10 -------- d-----w- c:\users\ZT01\AppData\Local\temp
2011-02-21 23:10 . 2011-02-21 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-20 21:50 . 2011-02-20 21:57 -------- d-----w- C:\ComFix
2011-02-07 01:02 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10E3530B-F171-4D22-91D5-18E84FE75435}\mpengine.dll
2011-02-06 23:41 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-06 23:35 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 23:35 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 23:35 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-06 23:35 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 23:34 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 23:34 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 23:34 . 2011-02-06 23:35 -------- d-----w- c:\program files\Avast5
2011-02-06 23:34 . 2011-02-06 23:34 -------- d-----w- c:\programdata\Alwil Software
2011-02-05 22:36 . 2011-02-05 22:37 -------- d-----w- c:\program files\TotalVideoConverter
2011-02-05 22:32 . 2011-02-05 22:32 -------- d-----w- c:\users\ZT01\AppData\Roaming\Softplicity
2011-02-05 22:32 . 2011-02-05 22:32 -------- d-----w- c:\program files\TotalAudioConverter
2011-02-04 01:43 . 2011-02-04 01:55 -------- d-----w- C:\sysreset
2011-02-04 01:20 . 2011-02-04 01:20 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-02-04 01:17 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-02-04 01:17 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-02-04 01:17 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-04 01:17 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-04 01:17 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-04 01:17 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-04 01:17 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-04 01:17 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-04 01:17 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-02-04 01:16 . 2011-02-04 01:21 -------- d-----w- c:\program files\NVIDIA Corporation
2011-02-04 01:16 . 2011-02-04 01:16 -------- d-----w- C:\NVIDIA
2011-02-04 01:10 . 2011-02-05 23:26 -------- d-----w- C:\-Artwork-
2011-02-04 01:10 . 2011-02-07 01:05 -------- d-----w- C:\-Arrivals-
2011-02-03 02:53 . 2011-02-03 02:54 -------- d-----w- C:\ICON
2011-02-02 06:23 . 2011-02-03 05:49 -------- d-----w- C:\Wallpaper
2011-02-02 06:20 . 2011-02-02 06:21 -------- d-----w- c:\users\ZT01\AppData\Roaming\NoteTab Pro
2011-02-02 06:20 . 2011-02-02 06:20 -------- d-----w- c:\program files\NoteTabPro6
2011-02-02 05:36 . 2011-02-02 05:36 -------- d-----w- C:\MyStuff
2011-02-02 05:03 . 1999-03-08 12:19 276992 ----a-w- c:\windows\system32\a3dapi.dll
2011-02-02 04:42 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-02-02 04:42 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-02-02 04:42 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-02-02 04:42 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-02-02 04:42 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-02-02 04:42 . 2011-02-02 04:42 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-02-02 04:42 . 2011-02-02 04:42 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-02-02 04:31 . 2010-01-04 07:14 614912 ------w- c:\windows\eiunin21.exe
2011-02-02 04:18 . 2011-02-04 04:26 -------- d-----w- C:\ReNamer
2011-02-02 04:18 . 2011-02-02 04:18 -------- d-----w- C:\muTorrent
2011-02-02 04:18 . 2011-02-02 04:18 -------- d-----w- C:\GeoClock
2011-02-02 04:06 . 2011-02-02 05:25 -------- d-----w- C:\Emulation
2011-02-02 03:47 . 2010-12-09 15:40 36864 ----a-w- c:\windows\system32\imdisk.exe
2011-02-02 03:47 . 2010-12-09 15:40 86016 ----a-w- c:\windows\system32\imdisk.cpl
2011-02-02 03:47 . 2010-12-07 12:20 28888 ----a-w- c:\windows\system32\drivers\imdisk.sys
2011-02-02 03:47 . 2010-12-07 12:20 10240 ----a-w- c:\windows\system32\imdsksvc.exe
2011-02-02 03:47 . 2010-12-07 10:26 15184 ----a-w- c:\windows\system32\drivers\awealloc.sys
2011-02-02 03:28 . 2011-02-02 05:01 -------- d-----w- C:\ISO
2011-02-02 02:37 . 2011-02-05 21:59 -------- d-----w- c:\users\ZT01\AppData\Roaming\FALCOM
2011-02-02 01:27 . 2011-02-02 01:27 62208 ----a-w- c:\windows\iun1401.exe
2011-02-02 01:24 . 2011-02-02 01:24 -------- d-----w- c:\program files\HexWorkshop4.1
2011-02-02 01:22 . 2011-02-02 01:22 -------- d-----w- C:\MPC
2011-02-02 01:21 . 2011-02-02 01:21 -------- d-----w- c:\users\ZT01\AppData\Roaming\Media Player Classic
2011-02-02 01:19 . 2011-02-02 01:19 -------- d-----w- c:\program files\WinAce
2011-02-02 01:16 . 2011-02-02 01:17 -------- d-----w- C:\CALC98
2011-02-02 01:11 . 2011-02-02 01:11 -------- d-----w- c:\users\ZT01\AppData\Roaming\Leadertech
2011-02-02 00:45 . 1998-10-29 21:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-02-02 00:43 . 2011-02-02 00:43 86528 ----a-w- c:\windows\bnetunin.exe
2011-02-02 00:43 . 2011-02-02 00:43 61440 ----a-w- c:\windows\diabunin.exe
2011-02-02 00:29 . 2011-02-05 00:03 -------- d-----w- c:\program files\Winamp
2011-02-01 23:43 . 2011-02-01 23:43 -------- d-----w- c:\users\ZT01\AppData\Roaming\Foxit Software
2011-02-01 23:39 . 2011-02-02 02:23 -------- d-----w- C:\ToInst
2011-02-01 23:33 . 2011-02-01 23:33 -------- d-----w- c:\program files\AnimationShop3
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\programdata\InstallShield
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2011-02-01 23:28 . 2011-02-01 23:29 -------- d-----w- c:\program files\PSP9
2011-02-01 23:28 . 2011-02-01 23:28 -------- d-----w- c:\users\ZT01\AppData\Roaming\Jasc Software Inc
2011-02-01 05:39 . 2011-02-01 05:39 -------- d-----w- c:\users\ZT01\AppData\Roaming\Malwarebytes
2011-02-01 05:35 . 2011-02-01 05:35 -------- d-----w- C:\NTLEA
2011-02-01 05:33 . 2011-02-01 05:34 -------- d-----w- c:\users\ZT01\AppData\Roaming\NoteTab Light
2011-02-01 05:31 . 2011-02-01 05:31 -------- d-----w- c:\program files\7-Zip
2011-02-01 05:30 . 2011-02-01 05:30 -------- d-----w- c:\program files\WinCDEmu
2011-02-01 05:29 . 2011-02-01 05:30 -------- d-----w- c:\program files\FoxitReader
2011-02-01 05:28 . 2011-02-01 05:28 -------- d-----w- c:\users\ZT01\AppData\Roaming\Free Download Manager
2011-02-01 05:28 . 2011-02-01 05:29 -------- d-----w- c:\program files\FreeDownloadManager
2011-02-01 05:28 . 2011-02-01 05:28 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-02-01 01:28 . 2011-02-01 01:28 -------- d-----w- c:\users\ZT01\AppData\Local\Frameworkx.com
2011-02-01 01:27 . 2011-02-01 01:27 -------- d-----w- c:\programdata\Malwarebytes
2011-02-01 01:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-01 01:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-01 01:26 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-02-01 01:26 . 2010-01-11 00:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\ca-ES
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\eu-ES
2011-02-01 01:18 . 2011-02-01 01:18 -------- d-----w- c:\windows\system32\vi-VN
2011-02-01 01:16 . 2011-02-01 01:16 -------- d-----w- c:\windows\system32\SPReview
2011-02-01 01:10 . 2009-04-11 04:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2011-02-01 01:10 . 2009-04-11 04:27 57856 ----a-w- c:\windows\system32\compcln.exe
2011-02-01 01:05 . 2011-02-01 01:05 -------- d-----w- c:\windows\system32\EventProviders
2011-02-01 01:02 . 2011-02-01 01:02 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-02-01 00:48 . 2011-02-18 23:12 -------- d-----w- C:\Tools
2011-02-01 00:48 . 2011-02-02 00:43 -------- d-----w- C:\Games
2011-01-31 05:28 . 2011-01-31 05:28 -------- d---a-w- C:\book
2011-01-31 05:23 . 2011-01-31 05:23 -------- d-----w- c:\users\ZT01\AppData\Local\Seven Zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 01:27 . 2011-02-02 01:27 1409 ----a-w- c:\windows\Fonts\MAIDWORD.fot
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast5"="c:\program files\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3266769259-3880101330-600960622-1000]
"EnableNotificationsRef"=dword:00000001

R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [2010-12-07 15184]
R3 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [2010-12-07 28888]
R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2010-12-07 10240]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2010-10-28 98400]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp32&d=1208&m=et1161-03
IE: Download all with Free Download Manager - file://c:\program files\FreeDownloadManager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\FreeDownloadManager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\FreeDownloadManager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\FreeDownloadManager\dllink.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-21 18:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3266769259-3880101330-600960622-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0*8*瑢ck\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SOFTWARE\MOSS\W*i*n*d*o*w*s*Hr菇b!\{6A36DFA4-83F5-FC67-DDB2-0AD22AB03E71}]
"DesktopFolder"="c:\\Users\\Public\\Desktop\\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-21 18:11:57
ComboFix-quarantined-files.txt 2011-02-21 23:11
ComboFix2.txt 2011-02-20 21:57

Pre-Run: 214,861,504,512 bytes free
Post-Run: 214,751,162,368 bytes free

- - End Of File - - 34AE56EE9B2EB4CB4D6F35903CC1EFCE

#14 m0le


Posted 21 February 2011 - 07:26 PM

This is something other than malware I think.

How To Geek has a useful thread on Vista diskspace and one of these may help you.

Check it out and let me know.

If it isn't malware I may refer you to another advisor who can help you further. :)

#15 ZT-repairseek


Posted 22 February 2011 - 03:23 PM

well. on the one hand, the "deleting older restore points" idea did reduce the used space, but it seems the creep is still going on. and further, as far as I can tell the settings between this laptop and the desktop are the same, but nothing of the sort is happening on the laptop. (its free space fluctuates by a gig or two from time to time but I've been led to believe in the laptop's case it's a faulty HDD; the lappy's its own ball of problems for a different section tho)

and of course, the size report between properties for the desktop's HDD and properties for everything on the drive are still showing discrepancies.
55543517184 bytes VS 58366186412 bytes as of last check.

*rechecks after an errand* I reactivated AVAST's shields to see if they influenced it, and now it's 57835233280 from C:\ properties and 60658106116 (from select all: properties) bytes used. <.<; repeating the above step brought it to 54386942528b (C:\) VS 57208815722b (all). but doing that every few hours seems a bit excessive... perhaps you should direct me to that other advisor? until I'm done installing and securing, I'd rather leave systemrestore running, even though my usual modus operandi is to only use it before doing anything potentially catastrophic. assuming systemrestore is somehow the culprit, although again it doesn't seem to be doing anything on the laptop (same main version of vista) and I'm not really thinking it's avast itself, either, because again, same stuff on the lappy. this is troublesome indeed.

and if this IS in fact malware even after all we've tried thus far, it's absurdly well hidden, I think we can agree.



