
download, programme run and video problems


  • This topic is locked
29 replies to this topic

#1 lavellej


Posted 14 February 2011 - 03:05 PM

For a couple of weeks I have been unable to view YouTube. Trying to update Flash Player led to download problems and running problems. I have had to download various files to an external hard drive and run on this computer. Trying to download on this computer I get digital signature error messages. I also have script problems where I have trouble viewing various pages, cannot open Hotmail messages and have errors on webpage messages on all pages I view. I have run a few virus checkers but nothing is picked up. I am not sure I have any virus but can't think what else to do? Many thanks in advance.

DDS (Ver_10-12-12.02) - NTFSx86
Run by lave at 19:56:02.30 on 14/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.353.1033.18.1014.273 [GMT 1:00]

AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\ctfmon.exe
C:\Malwarebytes' Anti-Malware2\mbam.exe
F:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [UpdateYouPaintShortCut] "c:\program files\cyberlink\youpaint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youpaint" updatewithcreateonce "software\cyberlink\youpaint\1.2"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] c:\malwarebytes' anti-malware2\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: youtube.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {B1C24548-0B9B-4D1F-9C86-3291F244DF1A} = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-30 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-5 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-9-3 98392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-5 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-5 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-5 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1375992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-29 1153368]
R3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\drivers\ATKACPI.SYS [2010-1-7 16456]
R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2010-3-26 42496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-1-7 58368]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-5-10 996896]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-16 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-1-7 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-7 29472]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-3 15264]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2008-9-29 449536]

=============== Created Last 30 ================

2011-02-13 19:07:27 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin
2011-02-12 14:54:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-11 20:40:26 -------- d-----w- C:\Malwarebytes' Anti-Malware2
2011-02-09 19:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 19:13:20 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 19:12:56 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-08 21:31:11 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 21:31:08 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-08 21:31:07 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-08 21:31:07 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-05 17:43:02 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-05 17:41:53 38848 ----a-w- c:\windows\avastSS.scr
2011-02-05 17:41:44 -------- d-----w- c:\progra~2\Alwil Software
2011-02-05 11:14:52 -------- d-----w- C:\MGTools
2011-02-01 18:57:35 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-31 18:50:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-31 18:50:32 -------- d-----w- c:\users\lave\appdata\local\temp
2011-01-31 18:38:26 -------- d-----w- c:\users\lave\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 18:38:26 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-31 18:38:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 18:32:52 -------- d-----w- c:\program files\CCleaner
2011-01-31 18:31:52 -------- d-----w- c:\users\lave\appdata\roaming\Malwarebytes
2011-01-31 18:31:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 18:31:38 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 18:31:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 18:31:34 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-01-30 13:02:56 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-30 13:02:56 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-01-30 13:02:56 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-01-30 10:43:23 -------- d-----w- C:\VIPRERESCUE
2011-01-26 06:19:59 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{384cd7f1-4b10-4b55-9d6e-d8cbca4bd8a7}\mpengine.dll

==================== Find3M ====================

2010-12-29 10:19:41 131101 ----a-w- c:\users\lave\DOSBox-0.63-install.exe

============= FINISH: 19:58:42.87 ===============

I also can't seem to post attachments!
GMER log below (apologies as I can't attach):
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-14 20:53:41
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-00A23T0 rev.01.01A01
Running: 9g4mfxdg.exe; Driver: C:\Users\lave\AppData\Local\Temp\pwtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8A20F728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8A20F7D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8A20F870]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8A22382E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8A223652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8A22378C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A7D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AA1F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81AA974C 4 Bytes [28, F7, 20, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 81AA990C 4 Bytes [D8, F7, 20, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 81AA9A5C 4 Bytes [70, F8, 20, 8A]
PAGE ntkrnlpa.exe!ZwLoadDriver 81BDB291 7 Bytes JMP 8A223790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81C42FBF 5 Bytes JMP 8A21F1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 81C5CCF3 5 Bytes JMP 8A220CA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 81C6AD63 7 Bytes JMP 8A223656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81D14EAC 7 Bytes JMP 8A223832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 83852000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 83852123 486 Bytes [D5, 84, 83, FE, 05, 34, D5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 529A 8385230A 142 Bytes [84, 83, 3B, 08, 77, 04, 3B, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 83852399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 838523FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\spoolsv.exe[260] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[260] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[408] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[472] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[488] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[540] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[588] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[588] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[604] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[624] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[656] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[656] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[784] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[792] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[956] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1324] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[1416] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 76583162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1492] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[1832] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[1848] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[1852] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1980] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[2060] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2100] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iTunes\iTunesHelper.exe[2176] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\WindowsMobile\wmdc.exe[2236] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2280] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2284] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2360] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2416] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2580] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2644] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2876] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\unsecapp.exe[3420] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[3672] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3732] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3784] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3864] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] USER32.dll!UnhookWindowsHookEx 760FCC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] USER32.dll!UnhookWinEvent 760FD924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] USER32.dll!SetWindowsHookExW 7610210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] USER32.dll!SetWinEventHook 7610507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\9g4mfxdg.exe[3924] USER32.dll!SetWindowsHookExA 76126DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[4076] ntdll.dll!LdrUnloadDll 7769BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[4076] ntdll.dll!LdrLoadDll 7769F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\Lavasoft Kernexplorer \Device\Kernexplorer 8389F556
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:3660] 8385FF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6006491
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60325ea
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6133de8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6133de8@0022a5e1a745 0xA1 0x00 0xAB 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6006491 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60325ea (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6133de8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6133de8@0022a5e1a745 0xA1 0x00 0xAB 0x7C ...

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 14 February 2011 - 04:25 PM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:09:38 AM

Posted 19 February 2011 - 11:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 lavellej

lavellej
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:38 PM

Posted 19 February 2011 - 03:36 PM

many thanks - please find updated OTL & GMER log
OTL logfile created on: 19/02/2011 20:21:59 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = F:\
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191.78 Gb Total Space | 153.09 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 30.41 Gb Free Space | 76.03% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 123.61 Gb Free Space | 41.47% Space Free | Partition Type: NTFS

Computer Name: LAVE-PC | User Name: lave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL2.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - F:\OTL2.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (fspad_wlh32) -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys (Sentelic Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ACPIService) -- C:\Windows\system32\DRIVERS\ATKACPI.SYS ()
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (WN111v2) -- C:\Windows\System32\drivers\WN111v2v.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
IE - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2011/02/18 20:28:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1721347234-3370991427-4293593148-1000\..Trusted Domains: youtube.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/02 12:36:45 | 000,000,000 | R--D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2011/02/18 20:35:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/18 20:35:28 | 000,000,000 | ---D | C] -- C:\Users\lave\AppData\Local\temp
[2011/02/18 20:02:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/18 20:02:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/18 20:02:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/18 20:00:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/18 20:00:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/14 21:43:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/14 21:43:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/14 21:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/11 21:40:26 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware2
[2011/02/05 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/05 18:43:08 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/05 18:43:08 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/05 18:43:06 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/05 18:43:05 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/05 18:43:02 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/05 18:41:53 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/05 18:41:52 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/05 18:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/05 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/02/05 12:14:52 | 000,000,000 | ---D | C] -- C:\MGTools
[2011/02/01 19:57:35 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/01/31 19:41:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/31 19:41:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/31 19:38:26 | 000,000,000 | ---D | C] -- C:\Users\lave\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/31 19:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/31 19:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/31 19:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/31 19:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/31 19:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/01/31 19:31:52 | 000,000,000 | ---D | C] -- C:\Users\lave\AppData\Roaming\Malwarebytes
[2011/01/31 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/31 19:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/31 19:31:34 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/01/30 11:43:23 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE

========== Files - Modified Within 30 Days ==========

[2011/02/19 20:21:52 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/19 20:21:52 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/19 20:19:19 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/19 20:11:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/19 20:08:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/19 15:57:00 | 000,010,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/19 15:57:00 | 000,010,464 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/19 15:49:26 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/18 20:28:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/18 19:59:53 | 000,000,401 | ---- | M] () -- C:\Users\lave\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/18 19:50:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/14 20:18:36 | 212,241,941 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/10 07:05:42 | 000,338,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/05 18:43:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/05 12:11:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2011/02/05 10:55:39 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/31 19:21:17 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2011/01/30 11:41:59 | 082,436,096 | ---- | M] () -- C:\Users\lave\Desktop\VIPRERescue8236.exe
[2011/01/25 22:29:00 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2011/01/25 22:19:04 | 000,000,000 | ---- | M] () -- C:\Users\lave\defogger_reenable

========== Files Created - No Company Name ==========

[2011/02/18 20:02:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/18 20:02:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/18 20:02:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/18 20:02:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/18 20:02:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/18 19:59:53 | 000,000,401 | ---- | C] () -- C:\Users\lave\Desktop\ComboFix.exe - Shortcut.lnk
[2011/02/14 20:18:36 | 212,241,941 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/12 09:19:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/02/05 12:11:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2011/02/05 10:55:39 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/30 11:41:58 | 082,436,096 | ---- | C] () -- C:\Users\lave\Desktop\VIPRERescue8236.exe
[2011/01/25 22:29:00 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2011/01/25 22:19:04 | 000,000,000 | ---- | C] () -- C:\Users\lave\defogger_reenable
[2010/01/07 05:22:04 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
[2010/01/07 04:32:37 | 000,016,456 | ---- | C] () -- C:\Windows\System32\drivers\ATKACPI.SYS
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/10/09 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\lave\AppData\Roaming\FinalTorrent
[2011/02/18 19:50:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/22 17:00:00 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\system32\*.sys /90 >
[2011/01/05 04:37:38 | 002,329,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2011/02/19 08:55:27 | 000,051,740 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/02/18 20:35:26 | 000,010,660 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/02/19 15:49:26 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 09:02:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/07 09:02:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/19 15:49:29 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2011/01/25 22:29:00 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-19 21:35:37
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-00A23T0 rev.01.01A01
Running: q8pgofu2.exe; Driver: C:\Users\lave\AppData\Local\Temp\pwtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x89E11728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x89E117D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x89E11870]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x89E2582E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x89E25652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x89E2578C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81A51599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81A75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 81A7D74C 4 Bytes [28, 17, E1, 89] {SUB [EDI], DL; LOOPZ 0xffffffffffffff8d}
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 81A7D90C 4 Bytes [D8, 17, E1, 89] {FCOM DWORD [EDI]; LOOPZ 0xffffffffffffff8d}
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 81A7DA5C 4 Bytes [70, 18, E1, 89] {JO 0x1a; LOOPZ 0xffffffffffffff8d}
PAGE ntkrnlpa.exe!ZwLoadDriver 81BAF291 7 Bytes JMP 89E25790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81C16FBF 5 Bytes JMP 89E211EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 81C30CF3 5 Bytes JMP 89E22CA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 81C3ED63 2 Bytes JMP 89E25656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection + 3 81C3ED66 4 Bytes [1E, 08, CC, CC] {PUSH DS; OR AH, CL; INT 3 }
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81CE8EAC 7 Bytes JMP 89E25832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text user32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0
.text user32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0
.text user32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30
.text user32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720
.text user32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[456] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[456] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[588] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[600] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[600] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[608] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsm.exe[616] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[796] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[956] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 6C7C83A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!CallNextHookEx 76F4CC8F 5 Bytes JMP 6C7A9D8C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!CreateWindowExW 76F50E51 5 Bytes JMP 6C7B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 6C764643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxIndirectParamW 76F74AA7 5 Bytes JMP 6C8DFE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxParamW 76F7564A 5 Bytes JMP 6C6D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxParamA 76F8CF6A 5 Bytes JMP 6C8DFE0D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!DialogBoxIndirectParamA 76F8D29C 5 Bytes JMP 6C8DFED3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxIndirectA 76F9E8C9 5 Bytes JMP 6C8DFDA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxIndirectW 76F9E9C3 5 Bytes JMP 6C8DFD37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxExA 76F9EA29 5 Bytes JMP 6C8DFCD5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] USER32.dll!MessageBoxExW 76F9EA4D 5 Bytes JMP 6C8DFC73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ole32.dll!OleLoadFromStream 76D25BF6 5 Bytes JMP 6C8E01C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1028] ole32.dll!CoCreateInstance 76D7590C 5 Bytes JMP 6C7B8C7D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 77743162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\System32\spoolsv.exe[1696] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\spoolsv.exe[1696] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[1708] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[1792] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1876] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1908] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1940] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2000] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[2248] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] user32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] user32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] user32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] user32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2520] user32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\taskhost.exe[2584] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\rundll32.exe[2620] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\Dwm.exe[2664] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\Explorer.EXE[2696] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2900] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3016] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3016] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxtray.exe[3056] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\hkcmd.exe[3064] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\igfxpers.exe[3072] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3112] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text F:\q8pgofu2.exe[3152] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] ntdll.dll!LdrUnloadDll 77A2BF1F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] ntdll.dll!LdrLoadDll 77A2F625 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!UnhookWindowsHookEx 76F4CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!UnhookWinEvent 76F4D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!CreateWindowExW 76F50E51 5 Bytes JMP 6C7B818F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!SetWindowsHookExW 76F5210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!SetWinEventHook 76F5507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!DialogBoxIndirectParamW 76F74AA7 5 Bytes JMP 6C8DFE70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!DialogBoxParamW 76F7564A 5 Bytes JMP 6C6D4BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3192] USER32.dll!SetWindowsHookExA 76F76DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6006491
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd60325ea
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6133de8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6133de8@0022a5e1a745 0xA1 0x00 0xAB 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6006491 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd60325ea (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6133de8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6133de8@0022a5e1a745 0xA1 0x00 0xAB 0x7C ...

---- EOF - GMER 1.0.15 ----

Edited by lavellej, 19 February 2011 - 03:38 PM.


#4 etavares

Posted 20 February 2011 - 11:09 AM

Hello, lavellej.





Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578





Two Antiviruses Warning


I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Lavasoft Ad-Watch live or Avast!.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1


Please see the warnings above about having two antiviruses. Also, it appears you have run Combofix. Please post the contents of C:\combofix.txt. Let me know if it doesn't exist.





Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 lavellej

Posted 21 February 2011 - 01:58 PM

Many thanks
I have removed adaware
I have removed trusted sites
I can't find the combofix log - should I rerun?
MBAM & MBR as below
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/02/2011 19:52:05
mbam-log-2011-02-21 (19-52-05).txt

Scan type: Quick scan
Objects scanned: 142767
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDION
System Product Name: E122X
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 186):

Processes (total 56):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002f`f8800000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-00A23T0, Rev: 01.01A01
PhysicalDrive1 Model Number: WD3200BEK External, Rev: 1.75

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1AB28188E6CBD4C538301102EB706F01356B1CC5
298 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#6 etavares

Posted 21 February 2011 - 02:57 PM

OK, please tell me a bit more about the errors you are getting. What is the exact error message(s)? Nothing is too apparent from the logs, but we'll dig in. You do have an unknown MBR, but that's different from an infected MBR. We'll look at it in a bit, but first I need to understand a bit more about the errors.


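The distinction drawn in the reply above (an unknown MBR is not the same as an infected MBR) can be read off an MBRCheck log per drive rather than from its one-line summary. The following is an added example, not part of the original thread or of MBRCheck itself; the sample log is constructed in the layout posted here with placeholder SHA1 values, and the "infected" row wording and the verdict names are assumptions.

```python
"""Triage an MBRCheck log: per-drive verdicts instead of the one-line summary."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of the MBRCheck log posted in this thread.
# The SHA1 values are placeholders, not real hashes.
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002f`f8800000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1111111111111111111111111111111111111111
298 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: 2222222222222222222222222222222222222222

Found non-standard or infected MBR.
"""

# "\\.\C: --> \\.\PhysicalDrive0 ..." maps a volume letter to a physical drive.
VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]):\s+-->\s+\\\\\.\\(?P<drive>PhysicalDrive\d+)\b")
# "232 GB \\.\PhysicalDrive0 Unknown MBR code" is one row of the device table.
DEVICE_RE = re.compile(
    r"^(?P<size>\d+\s+[KMGT]B)\s+\\\\\.\\(?P<drive>PhysicalDrive\d+)\s+(?P<status>.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


@dataclass
class Drive:
    name: str
    volumes: List[str] = field(default_factory=list)
    size: str = ""
    status: str = ""
    verdict: str = "unparsed"
    sha1: Optional[str] = None


def classify(status: str) -> str:
    """Map a device-table status string to a verdict.

    "Unknown MBR code" and "... MBR code detected" appear in the posted log.
    A row containing "infected" is an assumed wording, taken from the
    tool's prompt text quoted in the thread.
    """
    s = status.lower()
    if "infected" in s:
        return "infected"
    if "unknown" in s or "non-standard" in s:
        return "unknown"      # not recognised; this alone is not proof of infection
    if "mbr code detected" in s:
        return "recognized"   # matches boot code the tool knows
    return "unparsed"


def parse_mbrcheck(log: str) -> Dict[str, Drive]:
    """Collect volume mappings, status and SHA1 for every physical drive."""
    drives: Dict[str, Drive] = {}
    last: Optional[Drive] = None  # the device row a following SHA1 line belongs to
    for raw in log.splitlines():
        line = raw.strip()
        m = VOLUME_RE.match(line)
        if m:
            drives.setdefault(m["drive"], Drive(m["drive"])).volumes.append(m["letter"])
            last = None
            continue
        m = DEVICE_RE.match(line)
        if m:
            d = drives.setdefault(m["drive"], Drive(m["drive"]))
            d.size, d.status = m["size"], m["status"]
            d.verdict = classify(d.status)
            last = d
            continue
        m = SHA1_RE.match(line)
        if m and last is not None:
            last.sha1 = m["sha1"].upper()
            last = None
        # The summary "Found non-standard or infected MBR." is ignored on
        # purpose: it does not say which drive, or which of the two cases.
    return drives


def triage(drives: Dict[str, Drive], system_volume: str = "C") -> List[dict]:
    """Order drives for review: worst verdict first, system drive before others."""
    order = {"infected": 0, "unknown": 1, "unparsed": 2, "recognized": 3}
    rows = [{"drive": d.name, "verdict": d.verdict, "sha1": d.sha1,
             "boots_windows": system_volume in d.volumes} for d in drives.values()]
    rows.sort(key=lambda r: (order[r["verdict"]], not r["boots_windows"], r["drive"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse_mbrcheck(SAMPLE_LOG)):
        print(row)
```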
 


#7 lavellej

Posted 22 February 2011 - 05:19 PM

OK, the initial problem was that YouTube showed a black screen with no options to play etc. I then tried to update Flash Player but nothing would actually happen after I click on install (after an unknown publisher message (not valid digital signature) which I could click through). There is always an exclamation error message on each web page I view.
So then I started getting frequent script errors on several pages where the content is all mixed up, and when I try and open Hotmail messages nothing happens?!
Suspecting some virus, I tried to download MBAM (again after getting the digital signature message). I first got an 'out of memory' error message, then when it tried again I got 'the setup files are corrupted. please obtain a new copy of the programme'. I did eventually manage to download to an external drive and run, but did get a message 'the current version of this database is not supported' (along those lines). So having run several antivirus programmes it may be the case that I am not infected at all, but that still doesn't help the fact that I can't watch YouTube or open Hotmail, both of which I could previously.
many thanks

#8 etavares


Posted 22 February 2011 - 06:41 PM

Hello, lavellej.

OK, very helpful. Even if it turns out not to be a virus, I'll still help you fix it if I'm able, or refer you to someone more knowledgeable in whatever it turns out to be. We won't leave you, we'll help you fix this.

Given the issues, let's go ahead and run ComboFix. We'll also run MBAM again as the definitions are pretty old... the current database is version 5844 and the scan above was version 5363. Lots of updates have occurred in those 500 updates. Malware could be blocking you, but let's confirm.


Step 1

Launch MBAM as before.
Click on the Update tab.
Click Check for updates.
If an update is found, let it update, confirm it's at least version 5800 or higher.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

Then, perform a quick scan and post the log here.



Step 2



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares




#9 lavellej


Posted 23 February 2011 - 02:48 PM

Many thanks for your help.
Running MBAM, it says I have the latest version when I try and update even though it's only version 5750. Trying the link from your email I get an 'unable to download mbam-rules from data.mbamupdates.com unable to open this internet site. the requested site is either unavailable or cannot be found.'
So 5750 log below and ComboFix below that. Regards
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5750

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23/02/2011 20:03:51
mbam-log-2011-02-23 (20-03-51).txt

Scan type: Quick scan
Objects scanned: 146339
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 11-02-22.04 - lave 23/02/2011 20:13:18.3.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.353.1033.18.1014.264 [GMT 1:00]
Running from: F:\ComboFix4.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 19:34 . 2011-02-23 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 18:43 . 2011-02-23 18:43 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-02-23 18:43 . 2011-02-23 18:43 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-02-23 18:43 . 2011-02-23 18:43 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-02-23 18:43 . 2011-02-23 18:43 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-02-23 18:43 . 2011-02-23 18:43 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-02-23 18:43 . 2011-02-23 18:43 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-02-23 18:43 . 2011-02-23 18:43 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-02-23 18:43 . 2011-02-23 18:43 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-02-23 18:43 . 2011-02-23 18:43 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-02-23 18:43 . 2011-02-23 18:43 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-02-23 18:43 . 2011-02-23 18:43 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-02-23 18:43 . 2011-02-23 18:43 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-02-23 18:42 . 2011-02-23 18:42 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-02-23 18:42 . 2011-02-23 18:42 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-02-23 18:42 . 2011-02-23 18:42 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-02-23 18:42 . 2011-02-23 18:42 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-02-23 18:42 . 2011-02-23 18:42 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-02-23 18:40 . 2011-02-23 18:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-18 19:35 . 2011-02-23 19:34 -------- d-----w- c:\users\lave\AppData\Local\temp
2011-02-14 20:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 20:43 . 2011-02-23 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-14 20:43 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 19:07 . 2011-02-13 19:07 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-12 14:54 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 19:13 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 19:13 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 19:12 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-08 21:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 21:31 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-08 21:31 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 21:31 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-05 17:43 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-05 17:43 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-05 17:43 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-05 17:43 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-05 17:43 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-05 17:41 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-05 17:41 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-05 17:41 . 2011-02-05 17:41 -------- d-----w- c:\programdata\Alwil Software
2011-02-05 17:41 . 2011-02-05 17:41 -------- d-----w- c:\program files\Alwil Software
2011-02-05 11:14 . 2011-02-05 11:17 -------- d-----w- C:\MGTools
2011-02-01 18:57 . 2010-11-09 12:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-31 18:38 . 2011-01-31 18:38 -------- d-----w- c:\users\lave\AppData\Roaming\SUPERAntiSpyware.com
2011-01-31 18:38 . 2011-01-31 18:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-31 18:38 . 2011-02-11 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 18:32 . 2011-01-31 18:32 -------- d-----w- c:\program files\CCleaner
2011-01-31 18:31 . 2011-01-31 18:31 -------- d-----w- c:\users\lave\AppData\Roaming\Malwarebytes
2011-01-31 18:31 . 2011-01-31 18:31 -------- d-----w- c:\programdata\Malwarebytes
2011-01-31 18:31 . 2011-02-11 19:54 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-01-30 13:02 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-30 13:02 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-30 13:02 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-30 10:43 . 2011-02-01 21:12 -------- d-----w- C:\VIPRERESCUE
2011-01-26 06:19 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{384CD7F1-4B10-4B55-9D6E-D8CBCA4BD8A7}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-16 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-25 8120864]
"UpdateYouPaintShortCut"="c:\program files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [2008-09-29 449536]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\DRIVERS\ATKACPI.SYS [2009-06-09 16456]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-10 42496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 996896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 17:18]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {B1C24548-0B9B-4D1F-9C86-3291F244DF1A} = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2712)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\WIDCOMM\Bluetooth Software\BtwNamespaceExt.dll
c:\program files\WIDCOMM\Bluetooth Software\BtwNeLib.dll
c:\program files\WIDCOMM\Bluetooth Software\btwapi.dll
c:\program files\WIDCOMM\Bluetooth Software\btosif.dll
c:\program files\WIDCOMM\Bluetooth Software\btwpimif.dll
.
Completion time: 2011-02-23 20:42:14
ComboFix-quarantined-files.txt 2011-02-23 19:42
ComboFix2.txt 2011-02-18 19:35
ComboFix3.txt 2011-01-31 18:50

Pre-Run: 163,954,966,528 bytes free
Post-Run: 163,927,121,920 bytes free

- - End Of File - - 22445CE93BED573B8094DF6AAD9F431D

#10 etavares


Posted 23 February 2011 - 06:57 PM

Please save ComboFix to your desktop as instructed above (this was run from your F:\ partition) and run ComboFix as before. There is an important section missing that may be due to it not running on your primary partition. Please post the resulting log here as before.

Do you have other computers connected to the network? How are they running? Can you download the MBAM file from them? Being unable to download the file definitely suggests a virus if you can't get to other sites, but it could also be an infected router.

Thanks!


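The review step in the post above (the log header shows ComboFix was run from F:\ rather than from the Desktop), together with the earlier instructions to save it as etavaresCF.exe and to disable antivirus and antispyware first, can be checked mechanically from the log header. This is an added example, not part of the original thread or of ComboFix; the function names are hypothetical, and it assumes the profile lives under c:\users\<user> and that the user name contains no spaces.

```python
import re
from pathlib import PureWindowsPath

# Header lines excerpted from the ComboFix log posted in this thread
# (the run that was started from F:\).
SAMPLE_LOG = r"""ComboFix 11-02-22.04 - lave 23/02/2011 20:13:18.3.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.353.1033.18.1014.264 [GMT 1:00]
Running from: F:\ComboFix4.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# "ComboFix <version> - <user> <date> ..." (assumes no spaces in the user name)
HEADER_RE = re.compile(r"^ComboFix \S+ - (\S+) ", re.M)
RUN_RE = re.compile(r"^Running from:\s*(.+?)\s*$", re.M)
# "AV: <name> *<state>/<definitions>* {guid}" and the same for "SP:"
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\*", re.M)


def parse_header(log):
    """Return the user, run path and security-product states from a log."""
    user = HEADER_RE.search(log)
    run = RUN_RE.search(log)
    return {
        "user": user.group(1) if user else None,
        "run_path": PureWindowsPath(run.group(1)) if run else None,
        "products": [m.groups() for m in PRODUCT_RE.finditer(log)],
    }


def review(log, expected_name="etavaresCF.exe"):
    """List (code, detail) findings where the run deviates from the instructions."""
    info = parse_header(log)
    findings = []
    path, user = info["run_path"], info["user"]
    if path is None or user is None:
        findings.append(("header", "ComboFix header or 'Running from:' line missing"))
    else:
        # Assumed default Windows 7 profile location; comparison is case-insensitive.
        desktop = PureWindowsPath("c:/users") / user / "Desktop"
        if path.parent != desktop:
            findings.append(("location", f"run from {path.parent}, expected {desktop}"))
        if path.name.lower() != expected_name.lower():
            findings.append(("filename", f"saved as {path.name}, expected {expected_name}"))
    # The instructions asked for AV/antispyware to be disabled before the run.
    for kind, name, state, defs in info["products"]:
        if state == "Enabled":
            findings.append(("still-enabled", f"{kind} {name} ({defs})"))
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE_LOG):
        print(f"{code}: {detail}")
```
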

#11 lavellej


Posted 24 February 2011 - 01:44 PM

Sorry about that - now run from desktop.

I tried another computer and yes, the same problems in terms of script errors, unable to download and run YouTube.



ComboFix 11-02-22.04 - lave 24/02/2011 7:12.4.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.353.1033.18.1014.421 [GMT 1:00]
Running from: c:\users\lave\Desktop\ComboFix4.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 06:27 . 2011-02-24 06:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 18:43 . 2011-02-23 18:43 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-02-23 18:43 . 2011-02-23 18:43 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-02-23 18:43 . 2011-02-23 18:43 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-02-23 18:43 . 2011-02-23 18:43 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-02-23 18:43 . 2011-02-23 18:43 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-02-23 18:43 . 2011-02-23 18:43 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-02-23 18:43 . 2011-02-23 18:43 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-02-23 18:43 . 2011-02-23 18:43 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-02-23 18:43 . 2011-02-23 18:43 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-02-23 18:43 . 2011-02-23 18:43 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-02-23 18:43 . 2011-02-23 18:43 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-02-23 18:43 . 2011-02-23 18:43 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-02-23 18:42 . 2011-02-23 18:42 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-02-23 18:42 . 2011-02-23 18:42 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-02-23 18:42 . 2011-02-23 18:42 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-02-23 18:42 . 2011-02-23 18:42 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-02-23 18:42 . 2011-02-23 18:42 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-02-23 18:40 . 2011-02-23 18:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-18 19:35 . 2011-02-24 06:27 -------- d-----w- c:\users\lave\AppData\Local\temp
2011-02-14 20:43 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-14 20:43 . 2011-02-23 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-14 20:43 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 19:07 . 2011-02-13 19:07 181608 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10137.bin
2011-02-12 14:54 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 19:13 . 2011-01-07 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 19:13 . 2011-01-07 05:33 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 19:12 . 2011-01-05 03:37 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-08 21:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 21:31 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll
2011-02-08 21:31 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-08 21:31 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-05 17:43 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-05 17:43 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-05 17:43 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-05 17:43 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-05 17:43 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-05 17:41 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-05 17:41 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-05 17:41 . 2011-02-05 17:41 -------- d-----w- c:\programdata\Alwil Software
2011-02-05 17:41 . 2011-02-05 17:41 -------- d-----w- c:\program files\Alwil Software
2011-02-05 11:14 . 2011-02-05 11:17 -------- d-----w- C:\MGTools
2011-02-01 18:57 . 2010-11-09 12:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-01-31 18:38 . 2011-01-31 18:38 -------- d-----w- c:\users\lave\AppData\Roaming\SUPERAntiSpyware.com
2011-01-31 18:38 . 2011-01-31 18:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-31 18:38 . 2011-02-11 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 18:32 . 2011-01-31 18:32 -------- d-----w- c:\program files\CCleaner
2011-01-31 18:31 . 2011-01-31 18:31 -------- d-----w- c:\users\lave\AppData\Roaming\Malwarebytes
2011-01-31 18:31 . 2011-01-31 18:31 -------- d-----w- c:\programdata\Malwarebytes
2011-01-31 18:31 . 2011-02-11 19:54 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-01-30 13:02 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-30 13:02 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-30 13:02 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-30 10:43 . 2011-02-01 21:12 -------- d-----w- C:\VIPRERESCUE
2011-01-26 06:19 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{384CD7F1-4B10-4B55-9D6E-D8CBCA4BD8A7}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-16 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-25 8120864]
"UpdateYouPaintShortCut"="c:\program files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [2008-09-29 449536]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;ATK0100 ACPI SERVICE;c:\windows\system32\DRIVERS\ATKACPI.SYS [2009-06-09 16456]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-11-10 42496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 996896]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 17:18]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {B1C24548-0B9B-4D1F-9C86-3291F244DF1A} = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2656)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2011-02-24 07:32:03
ComboFix-quarantined-files.txt 2011-02-24 06:32
ComboFix2.txt 2011-02-23 19:42
ComboFix3.txt 2011-02-18 19:35
ComboFix4.txt 2011-01-31 18:50

Pre-Run: 164,181,590,016 bytes free
Post-Run: 164,132,487,168 bytes free

- - End Of File - - 7CB62F3E3A641D95008CDA0D9780215F

#12 etavares


Posted 24 February 2011 - 06:25 PM

Hello, lavellej.

OK, that is interesting. If you have multiple computers infected, that either means they're both infected...or that your network router is infected. Let's check that quickly. Thanks also for running CF again.

Checking if it's a router infection is fairly easy. Please connect your computer using a WIRED connection to the DSL/cable modem (this assumes you have two boxes... a modem and a router). If you plug directly into the modem, do you still have these issues or are they resolved?



etavares




#13 lavellej


Posted 26 February 2011 - 05:27 AM

OK, I plugged in via the wire with mixed results. YouTube would start playing a video but freeze within seconds. I got a new error message when trying to download MBAM: C:\Users\lave\appdata\local\microsoft\windows\temporary internet files\content.ie5\vzusbd8m\mbam-setup-1.50.1.1100(2).exe is not a valid win32 application
On the plus side I could access Hotmail messages, but the speed of opening web pages was extremely slow.

many thanks

#14 etavares


Posted 26 February 2011 - 11:13 AM

Hello, lavellej.

OK, that's good and bad. Let's look at your MBR. Do you have a flash drive we can use? I'd like to do this outside of Windows to fully bypass the virus.



etavares




#15 lavellej


Posted 26 February 2011 - 04:48 PM

Hi, yes, I have an external hard drive and a USB stick if that's what you mean.



