It all started with redirect virus....


18 replies to this topic

#1 aimeeme-t
  • Members
  • 11 posts

Posted 16 July 2011 - 04:19 PM

Hi all,

I wish I found this site weeks ago then maybe I could have sorted this on the first try!

Right here's the problem....Originally I didn't have an AV programme so when this XP Cleaner screen popped up I assumed it was to do with that. I downloaded AVG Free and I think that got rid of enough to begin with. Then other files kept popping up that AVG couldn't get rid of so I typed them into a search and came up with solutions with Malwarebytes and Avast. Between those two programmes I think they got rid of most of it. Now I'm left with a slow running comp and Avast keeps telling me that it's found a suspicious file 'volsnap.exe', do I want to delete or ignore, and no matter the option I choose it asks to do a reboot scan, which it does, then goes through the cycle again. I tried searching for solutions to this volsnap and the only thing that came up was TDSSKiller, and when I searched for that I found this forum, which suggested not to use it if you don't know what you're doing, which clearly I don't!!

Sooo.....HELP!!

Many Thanks in advance!

Aimee


#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,681 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 16 July 2011 - 04:29 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 aimeeme-t
  • Topic Starter
  • Members
  • 11 posts

Posted 18 July 2011 - 02:15 AM

Hi, Thanks ever so much for helping!

I did the security check bit but when notepad opened up it was blank, the black box instructions read 'the system cannot find the path specified'.

Here's the log from the next step though:

MiniToolBox by Farbar
Ran by Steve & Aimee (administrator) on 18-07-2011 at 08:11:07
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : homepc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Cellular Profile:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.49.28.145
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.49.28.145
DNS Servers . . . . . . . . . . . : 172.30.139.17
                                    172.30.140.69
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14

Server: mr0ns01.three.co.uk
Address: 172.30.140.69

Name: google.com
Addresses: 74.125.230.112, 74.125.230.113, 74.125.230.114, 74.125.230.115
74.125.230.116

Pinging google.com [74.125.230.145] with 32 bytes of data:

Reply from 74.125.230.145: bytes=32 time=313ms TTL=58
Reply from 74.125.230.145: bytes=32 time=266ms TTL=58

Ping statistics for 74.125.230.145:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 266ms, Maximum = 313ms, Average = 289ms

Server: mr0ns01.three.co.uk
Address: 172.30.140.69

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=452ms TTL=48
Reply from 98.137.149.56: bytes=32 time=429ms TTL=48

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 429ms, Maximum = 452ms, Average = 440ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.49.28.145 10.49.28.145 1
10.49.28.145 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.49.28.145 10.49.28.145 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.49.28.145 10.49.28.145 1
255.255.255.255 255.255.255.255 10.49.28.145 10.49.28.145 1
Default Gateway: 10.49.28.145
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2011 03:56:00 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x00c425f4.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/11/2011 07:15:05 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:15:04 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:15:03 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:15:01 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:15:00 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:14:55 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:14:54 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/11/2011 07:14:52 AM) (Source: ESENT) (User: )
Description: svchost (1080) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/07/2011 05:17:57 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (07/18/2011 07:59:17 AM) (Source: DCOM) (User: Steve & Aimee)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (07/17/2011 10:59:45 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB890859).

Error: (07/17/2011 10:59:43 PM) (Source: NtServicePack) (User: SYSTEM)
Description: Windows XP KB890859 installation failed.
An internal error occurred.

Error: (07/17/2011 10:55:15 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB890859).

Error: (07/17/2011 10:55:14 AM) (Source: NtServicePack) (User: SYSTEM)
Description: Windows XP KB890859 installation failed.
An internal error occurred.

Error: (07/17/2011 09:28:21 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB890859).

Error: (07/17/2011 09:28:20 AM) (Source: NtServicePack) (User: SYSTEM)
Description: Windows XP KB890859 installation failed.
An internal error occurred.

Error: (07/17/2011 07:44:20 AM) (Source: DCOM) (User: Steve & Aimee)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (07/16/2011 10:32:27 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB890859).

Error: (07/16/2011 10:32:26 PM) (Source: NtServicePack) (User: SYSTEM)
Description: Windows XP KB890859 installation failed.
An internal error occurred.


Microsoft Office Sessions:
=========================
Error: (06/13/2011 09:16:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/13/2011 09:16:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/06/2011 08:29:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/04/2011 10:22:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/04/2011 10:44:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/28/2011 11:28:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/28/2011 11:27:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/24/2011 11:13:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/20/2011 08:24:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 510 MB
Available physical RAM: 101.85 MB
Total Pagefile: 1248.89 MB
Available Pagefile: 904.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.11 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:38.25 GB) (Free:12.78 GB) NTFS
4 Drive e: (O2 USB Modem) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HOMEPC

Administrator Guest HelpAssistant
Steve & Aimee SUPPORT_388945a0


== End of log ==


I'll do the next step now and post again when I'm done.

Thanks again!
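Added example (not part of the thread, and not code from any of the tools named in it): a small Python triage script for a Windows hosts file of the kind shown in the MiniToolBox log above. It separates entries that point a name at loopback (which block that name) from entries that point a name at a remote address (which redirect it, the pattern to look for when a "redirect virus" is suspected), reports duplicate names, and flags lines whose name column is an IP literal, which a hosts file cannot match. The sample content is constructed from a few lines of the log plus one hypothetical redirect line using a documentation-range address; the path constant is the default XP location of the hosts file.

```python
"""Triage a Windows hosts file (added example; sample data constructed).

Loopback entries block a name; entries pointing at any other address
redirect it; an IP literal in the name column never matches anything.
"""
import ipaddress
import os
from dataclasses import dataclass, field

XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"  # default XP location

# Constructed sample: a few lines copied from the log above plus one
# hypothetical redirect line (203.0.113.45 is documentation space, not real).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
203.0.113.45 www.example-bank.test   # hypothetical redirect, constructed
"""


@dataclass
class HostsReport:
    blocked: dict = field(default_factory=dict)      # name -> loopback/unspecified address
    redirected: dict = field(default_factory=dict)   # name -> remote address (hijack candidate)
    ineffective: list = field(default_factory=list)  # (line, name): IP literal in name column
    duplicates: list = field(default_factory=list)   # (line, name): name already mapped earlier
    malformed: list = field(default_factory=list)    # (line, raw): no usable address/name pair


def parse_hosts(text: str) -> HostsReport:
    rep = HostsReport()
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rep.malformed.append((lineno, raw))
            continue
        if len(fields) == 1:
            rep.malformed.append((lineno, raw))
            continue
        for name in fields[1:]:
            try:
                ipaddress.ip_address(name)
            except ValueError:
                pass
            else:
                # The resolver matches hostnames, so an IP literal here does nothing.
                rep.ineffective.append((lineno, name))
                continue
            key = name.lower()
            if key in seen:
                rep.duplicates.append((lineno, key))
                continue
            seen.add(key)
            if addr.is_loopback or addr.is_unspecified:
                rep.blocked[key] = str(addr)
            else:
                rep.redirected[key] = str(addr)
    return rep


def report(rep: HostsReport) -> str:
    lines = [f"blocked names: {len(rep.blocked)}"]
    lines += [f"  REDIRECT {name} -> {addr}" for name, addr in rep.redirected.items()]
    lines += [f"  ineffective line {n}: {v}" for n, v in rep.ineffective]
    lines += [f"  duplicate line {n}: {v}" for n, v in rep.duplicates]
    lines += [f"  malformed line {n}: {v}" for n, v in rep.malformed]
    return "\n".join(lines)


if __name__ == "__main__":
    text = SAMPLE_HOSTS
    if os.path.exists(XP_HOSTS_PATH):  # use the live file when run on the machine itself
        with open(XP_HOSTS_PATH, encoding="latin-1") as fh:
            text = fh.read()
    print(report(parse_hosts(text)))
```

Run it on the affected machine and the REDIRECT lines are the ones worth attention; loopback entries only stop a name resolving, they cannot send a browser somewhere else.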

#4 aimeeme-t
  • Topic Starter
  • Members
  • 11 posts

Posted 18 July 2011 - 02:54 AM

Hi again,

This is the log from malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7114

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/18/2011 08:52:17
mbam-log-2011-07-18 (08-52-16).txt

Scan type: Quick scan
Objects scanned: 172571
Time elapsed: 31 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{67D14BB0-8A0F-3835-3827-89A4C8CD333B} (Spyware.Passwords.XGen) -> Value: {67D14BB0-8A0F-3835-3827-89A4C8CD333B} -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\steve & aimee\application data\inam\keece.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

I'm going to reboot now and continue with the rest of the steps!
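Added example (not part of the thread, and not how Malwarebytes or any other named tool works): a Python script that ranks Run-key autostart entries by traits commonly seen in user-land malware persistence. The heuristics are this example's own assumptions: a GUID-shaped value name, an executable under the user profile or a Temp folder, a path outside Windows and Program Files, and a file name that imitates a system binary with digit-for-letter swaps. The first sample entry is shaped like the value reported in the MBAM log above; the other three entries are hypothetical and constructed for the example.

```python
"""Rank Run-key autostart entries by malware-persistence traits (added example).

The heuristics are this example's own assumptions, not rules from MBAM or
any other tool: a GUID-shaped value name, an executable living under the
user profile or a Temp folder, a path outside Windows/Program Files, and a
file name that imitates a system binary with digit-for-letter swaps.
"""
import ntpath
import re
from typing import List, NamedTuple, Tuple

GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe"}

# Constructed sample: the first entry is shaped like the value MBAM reported
# in the post above; the other three are hypothetical.
SAMPLE_RUN_VALUES = [
    ("HKCU", "{67D14BB0-8A0F-3835-3827-89A4C8CD333B}",
     r'"C:\Documents and Settings\Steve & Aimee\Application Data\inam\keece.exe"'),
    ("HKLM", "avast", r'"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui'),
    ("HKCU", "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("HKLM", "Updater", r"C:\DOCUME~1\STEVE&~1\LOCALS~1\Temp\svch0st.exe -silent"),
]


class Finding(NamedTuple):
    hive: str
    name: str
    exe: str
    score: int
    reasons: Tuple[str, ...]


def extract_exe(command: str) -> str:
    """Pull the executable path out of a Run value: quoted path or first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]


def score_entry(hive: str, name: str, command: str) -> Finding:
    exe = extract_exe(command)
    low = ntpath.normcase(exe)  # lower-case, backslashes; works off-Windows too
    reasons = []
    if GUID_RE.match(name):
        reasons.append("GUID-style value name")
    if any(marker in low for marker in PROFILE_MARKERS):
        reasons.append("runs from user profile or Temp")
    if not low.startswith(TRUSTED_ROOTS):
        reasons.append("outside Windows and Program Files")
    base = ntpath.basename(low)
    deobfuscated = base.replace("0", "o").replace("1", "l")
    if base != deobfuscated and deobfuscated in SYSTEM_NAMES:
        reasons.append(f"name imitates {deobfuscated}")
    return Finding(hive, name, exe, len(reasons), tuple(reasons))


def triage(entries: List[Tuple[str, str, str]]) -> List[Finding]:
    """Highest score first; the stable sort keeps input order among equal scores."""
    return sorted((score_entry(*e) for e in entries), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_RUN_VALUES):
        print(f"[{f.score}] {f.hive}\\...\\Run\\{f.name} -> {f.exe}")
        for r in f.reasons:
            print(f"      - {r}")
```

The score is only a sort order for a human to read top-down; a legitimate program installed per-user will also land outside Program Files, so the reasons list matters more than the number.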

#5 aimeeme-t
  • Topic Starter
  • Members
  • 11 posts

Posted 18 July 2011 - 06:46 AM

I'm really hoping you understand all this lot cause I haven't a clue!! lol!

This is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-18 12:39:54
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: 4e1bf3ym.exe; Driver: C:\DOCUME~1\STEVE&~1\LOCALS~1\Temp\uwtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEEAC8202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEEB2ED8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEEAEC6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEEACA7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEEACA848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEEACA95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEEAEC075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEEACA746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEEACA898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEEACA79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEEACA90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEEAC8226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEEAECD87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEEAED03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEEACABE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEAECBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEAECA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEEB2EE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEEAC7FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEEAC824A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEEACAD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEEAC8CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEEACA820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEEACA870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEEACA988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEEAEC3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEEACA772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEACAA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEEACA8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEEACA7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEEACAAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEEACA936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEEB2EED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEEAEC8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEEAC8BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEEAEC72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEB3710E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEEAEB6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEEAC826E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEEAC8292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEEAC804A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEEAC8186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEEAECE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEEAC8162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEEAC81AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEEAC82B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEB44398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + D9 804E2745 3 Bytes [A7, AC, EE] {CMPSD ; LODSB ; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + DD 804E2749 3 Bytes [A8, AC, EE] {TEST AL, 0xac; OUT DX, AL }
.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL B93CD8A3
PAGE ntoskrnl.exe!ObInsertObject 80564423 5 Bytes JMP EEB417F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80569FBB 4 Bytes CALL EEAC9335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 805820F6 7 Bytes JMP EEB4439C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A29A4 5 Bytes JMP EEB3FD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
INITc VolSnap.sys F8563BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F8563BF8 4 Bytes [8C, 87, 4E, 80]
INITc VolSnap.sys F8563C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F8563C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F8563C70 4 Bytes [09, BF, 4D, 80]
INITc ...
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP EEACBCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP EEACBBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP EEACAF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP EEACBE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP EEACBB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP EEACC014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP EEACAFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP EEACAE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP EEACB180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP EEACB326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP EEACBBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP EEACB2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP EEACBD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP EEACAE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP EEACBF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP EEACB03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP EEACB0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP EEACB0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP EEACAD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP EEACAEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP EEACB008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 5 Bytes JMP EEACB440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP EEACBECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[412] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[412] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[412] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[412] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\spoolsv.exe[412] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\spoolsv.exe[412] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[412] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[412] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[412] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[412] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\smss.exe[524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[572] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\winlogon.exe[596] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[596] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[640] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\services.exe[640] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00320A08
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00320804
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00320600
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\services.exe[640] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\lsass.exe[652] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[652] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\HPZipm12.exe[792] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\HPZipm12.exe[792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[792] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\HPZipm12.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\HPZipm12.exe[792] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\HPZipm12.exe[792] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\HPZipm12.exe[792] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\HPZipm12.exe[792] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\HPZipm12.exe[792] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\HPZipm12.exe[792] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[892] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[892] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[932] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[932] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002D1014
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002D0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002D0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002D0C0C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002D0E10
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002D01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002D03FC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002D0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002E0A08
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002E0804
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002E0600
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002E01F8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[956] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[980] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[980] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[980] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 002B03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1256] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1256] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1256] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1256] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003B1014
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003B0804
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003B0A08
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003B0C0C
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003B0E10
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003B01F8
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003B03FC
.text C:\WINDOWS\Explorer.EXE[1256] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003B0600
.text C:\WINDOWS\Explorer.EXE[1256] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003C0A08
.text C:\WINDOWS\Explorer.EXE[1256] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003C0804
.text C:\WINDOWS\Explorer.EXE[1256] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 003C0600
.text C:\WINDOWS\Explorer.EXE[1256] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\Explorer.EXE[1256] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\hkcmd.exe[1416] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\hkcmd.exe[1416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\System32\hkcmd.exe[1416] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\hkcmd.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\System32\hkcmd.exe[1416] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\System32\hkcmd.exe[1416] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\hkcmd.exe[1416] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\hkcmd.exe[1416] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\hkcmd.exe[1416] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\hkcmd.exe[1416] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 003803FC
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00B51014
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00B50804
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00B50A08
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00B50C0C
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00B50E10
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 00B501F8
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 00B503FC
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00B50600
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 004D9A90 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 004D9B00 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 004D9980 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 00B60A08
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!GetScrollInfo 7E420DA2 7 Bytes JMP 004D98D0 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00B60804
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 004D9A50 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 004D9910 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 004D99C0 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 004D9940 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 004D9A00 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00B60600
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 00B601F8
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 00B603FC
.text C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe[1424] USER32.dll!EnableScrollBar 7E467DDD 7 Bytes JMP 004D9890 C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2 Connection Manager/O2)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 003B0A08
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1432] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 003B0804

Thanks ever so much for your help; I look forward to your response! I'm keen to know what you understand from all this!! :-)

#6 Broni

  • BC Advisor
  • Location:Daly City, CA

Posted 18 July 2011 - 11:18 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#7 aimeeme-t

  • Topic Starter
  • Members

Posted 26 July 2011 - 01:51 AM

Sorry for the delay; I've been on holiday for the last week. I've just downloaded TDSSKiller and will post back the log once complete.

Thanks!

#8 aimeeme-t

  • Topic Starter
  • Members

Posted 26 July 2011 - 02:10 AM

Right, here's the log from TDSSKiller:

2011/07/26 07:54:00.0687 0720 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/26 07:54:01.0031 0720 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/26 07:54:01.0500 0720 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 07:54:01.0937 0720 hwdatacard (53f1160666435151b6fcf89d015fe620) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/07/26 07:54:02.0828 0720 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 07:54:03.0453 0720 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/26 07:54:04.0078 0720 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 07:54:04.0671 0720 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/26 07:54:04.0984 0720 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 07:54:05.0437 0720 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/26 07:54:05.0765 0720 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 07:54:06.0156 0720 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 07:54:06.0546 0720 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/26 07:54:06.0859 0720 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 07:54:07.0171 0720 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 07:54:07.0500 0720 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 07:54:07.0890 0720 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 07:54:08.0296 0720 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 07:54:08.0921 0720 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/26 07:54:09.0296 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 07:54:09.0625 0720 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 07:54:09.0953 0720 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 07:54:10.0281 0720 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 07:54:10.0921 0720 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 07:54:11.0453 0720 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 07:54:11.0937 0720 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 07:54:12.0265 0720 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 07:54:12.0578 0720 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 07:54:12.0906 0720 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 07:54:13.0218 0720 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 07:54:13.0562 0720 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 07:54:13.0906 0720 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 07:54:14.0234 0720 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 07:54:14.0531 0720 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 07:54:14.0843 0720 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 07:54:15.0171 0720 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 07:54:15.0484 0720 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 07:54:15.0875 0720 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 07:54:16.0328 0720 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 07:54:16.0843 0720 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 07:54:17.0421 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 07:54:17.0734 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 07:54:18.0062 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 07:54:18.0421 0720 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/07/26 07:54:18.0812 0720 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 07:54:19.0156 0720 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 07:54:19.0500 0720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 07:54:19.0828 0720 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 07:54:20.0406 0720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/26 07:54:20.0750 0720 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 07:54:22.0656 0720 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 07:54:22.0953 0720 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/26 07:54:23.0265 0720 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/26 07:54:23.0593 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 07:54:25.0031 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 07:54:25.0359 0720 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/26 07:54:25.0734 0720 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 07:54:26.0062 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 07:54:26.0421 0720 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 07:54:26.0781 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 07:54:27.0156 0720 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 07:54:27.0546 0720 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 07:54:28.0343 0720 SDTHelper (22e7af3fd13c98b34d1ba0e320c830f4) C:\Documents and Settings\Steve & Aimee\Local Settings\Temporary Internet Files\Content.IE5\VDK4WBP2\radix_installer_trial[1]\sdthlpr.sys
2011/07/26 07:54:28.0687 0720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 07:54:29.0062 0720 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 07:54:29.0390 0720 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 07:54:29.0765 0720 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 07:54:30.0796 0720 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 07:54:31.0156 0720 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 07:54:31.0609 0720 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 07:54:32.0171 0720 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 07:54:32.0578 0720 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 07:54:34.0187 0720 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 07:54:34.0703 0720 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 07:54:35.0281 0720 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 07:54:35.0609 0720 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 07:54:35.0890 0720 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 07:54:36.0625 0720 TSWLAN (61b5cae97b96dee31d8b24fb800364b3) C:\WINDOWS\system32\drivers\TsWlan.sys
2011/07/26 07:54:37.0375 0720 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 07:54:38.0046 0720 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 07:54:38.0671 0720 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/26 07:54:38.0984 0720 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 07:54:39.0453 0720 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 07:54:39.0796 0720 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/26 07:54:40.0093 0720 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/26 07:54:40.0578 0720 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 07:54:40.0859 0720 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 07:54:41.0140 0720 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 07:54:41.0843 0720 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 07:54:41.0859 0720 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/26 07:54:41.0875 0720 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/26 07:54:42.0203 0720 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 07:54:42.0984 0720 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 07:54:43.0234 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/26 07:54:43.0671 0720 Boot (0x1200) (9bbbb2c4fff342bbd264d6e7553161f5) \Device\Harddisk0\DR0\Partition0
2011/07/26 07:54:43.0687 0720 ================================================================================
2011/07/26 07:54:43.0687 0720 Scan finished
2011/07/26 07:54:43.0687 0720 ================================================================================
2011/07/26 07:54:43.0703 1140 Detected object count: 1
2011/07/26 07:54:43.0703 1140 Actual detected object count: 1
2011/07/26 07:54:54.0484 1140 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 07:54:54.0484 1140 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/26 07:55:04.0156 1140 Backup copy found, using it..
2011/07/26 07:55:04.0250 1140 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/26 07:55:04.0250 1140 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/26 07:55:12.0140 3544 Deinitialize success
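The log above carries the detail that matters for a responder: TDSSKiller hashed VolSnap.sys through two different read paths and got two different digests ("Real md5" vs "Fake md5"), which is how it concludes the driver is being forged by a disk-level rootkit; it also lists every loaded driver with its path, which is where the odd entry for sdthlpr.sys under Temporary Internet Files shows up. The Python below is an added example, not part of the original post or of TDSSKiller itself: it parses TDSSKiller-style lines, records the per-driver hash and path, and flags three things (a Real/Fake mismatch, a "detected" verdict, and a driver loaded from outside the normal driver directories). The sample lines are copied from the posted log; the list of expected driver directories is an assumption for Windows XP.

```python
"""Parse TDSSKiller-style log lines and flag what a responder should look at."""
import re
from dataclasses import dataclass, field

# One TDSSKiller line: timestamp, 4-hex-digit thread id, free-form message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>[0-9a-fA-F]{4})\s+(?P<msg>.*)$"
)
# "<name> (<md5>) <path>"; also matches "MBR (0x1B8) (<md5>) \Device\..."
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Two digests of the same file that disagree: the read paths are being filtered.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")

# Assumption: on Windows XP, kernel drivers normally live under these directories.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class Finding:
    name: str
    path: str
    reason: str


@dataclass
class Report:
    objects: dict = field(default_factory=dict)   # driver name -> (md5, path)
    findings: list = field(default_factory=list)


def _unexpected_location(path: str) -> bool:
    """True when a driver image is not under one of EXPECTED_DIRS."""
    p = path.lower()
    if p.startswith("\\device\\"):   # MBR / boot-sector pseudo-paths, not files
        return False
    return not any(p.startswith(d) for d in EXPECTED_DIRS)


def parse_tdsskiller(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # header, separator or blank line
        msg = m.group("msg")
        f = FORGED_RE.match(msg)
        if f:
            fname = f.group("path").rsplit("\\", 1)[-1]
            rep.findings.append(Finding(
                fname, f.group("path"),
                f"forged: real={f.group('real')} fake={f.group('fake')}"))
            continue
        d = DETECT_RE.match(msg)
        if d:
            known_path = rep.objects.get(d.group("name"), ("", ""))[1]
            rep.findings.append(Finding(
                d.group("name"), known_path, f"detected {d.group('verdict')}"))
            continue
        o = OBJECT_RE.match(msg)
        if o:
            rep.objects[o.group("name")] = (o.group("md5"), o.group("path"))
            if _unexpected_location(o.group("path")):
                rep.findings.append(Finding(
                    o.group("name"), o.group("path"),
                    "driver loaded from unexpected directory"))
    return rep


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE = r"""2011/07/26 07:53:41.0968 0720 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/26 07:54:28.0343 0720 SDTHelper (22e7af3fd13c98b34d1ba0e320c830f4) C:\Documents and Settings\Steve & Aimee\Local Settings\Temporary Internet Files\Content.IE5\VDK4WBP2\radix_installer_trial[1]\sdthlpr.sys
2011/07/26 07:54:41.0843 0720 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 07:54:41.0859 0720 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/26 07:54:41.0875 0720 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/26 07:54:43.0234 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
"""


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE)
    print(f"{len(report.objects)} objects scanned")
    for fnd in report.findings:
        print(f"[!] {fnd.name}: {fnd.reason}\n    {fnd.path}")
```

Run on the full log, the script lists three items: SDTHelper (a .sys loaded from the IE cache, here the trial installer of an anti-rootkit tool, but exactly the kind of path to verify), the VolSnap.sys hash mismatch, and the TDL3 verdict. A driver with a clean hash and a normal path, such as Aavmker4, produces no finding.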

#9 Broni
    The Coolest BC Computer
  • BC Advisor
  • 42,681 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 26 July 2011 - 06:29 PM

Good :)

How is redirection?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donation link.

#10 aimeeme-t
  • Topic Starter
  • Members
  • 11 posts

Posted 31 July 2011 - 03:04 PM

Hi again, sorry for the slow reply; my husband's been on holiday for the last 2 weeks and it's impossible to get on the computer when he's around!

Redirection seems to have stopped now and avast has stopped having a fit every 5 secs about volsnap so all seems to be going well!

Here's the report from Rootkit Unhooker:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF06B000 C:\WINDOWS\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF8215000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 806912 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF83CB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEF355000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xEF6CE000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8126000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEF852000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEC02A000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEF3C5000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEBCD1000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF84E9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF839E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 180224 bytes (Intel Corporation, Component GHAL Driver)
0xEF73D000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF78A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF81A7000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF81DE000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEF768000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEF6AD000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806EC000 ACPI_HAL 131968 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8481000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84B9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8383000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEF2A2000 C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys 102400 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0xF84A1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEBC16000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEBBAF000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF8458000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF8190000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF81CA000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF8201000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF8AA000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF846F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84D8000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF817F000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEC40A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8718000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8748000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF8658000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8738000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8578000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8708000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8758000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8558000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xEDF02000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF8778000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8728000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8548000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8768000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8628000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8798000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8688000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xEC672000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8568000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86A8000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF86F8000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8538000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8788000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF86B8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF86C8000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88F0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF88C8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8928000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8838000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF87B8000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8830000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8920000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF8940000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF8840000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8848000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88B8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88D0000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF88A8000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF88C0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87C0000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8858000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8860000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8850000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8828000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xECB46000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEC0C8000 C:\WINDOWS\System32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF831B000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEBC3A000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF835F000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8337000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEF8C9000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF8948000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEDFBC000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF832F000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8A1C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A82000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xED4CF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A80000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A3C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A38000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A84000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A9E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A86000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A6A000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A70000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A3A000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8BD7000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8C34000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8C31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B00000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Thanks

Aimee x

#11 Broni

Posted 31 July 2011 - 03:10 PM

Good news :)

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

#12 aimeeme-t

Posted 16 August 2011 - 07:12 AM

hi there

sorry it's been a while again; life just always seems to get in the way of the best-laid plans!!

This report's only a short one:

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\arpot\9a646-dc-0.dat Win32/Olmasco.E trojan unable to clean

Thanks x

#13 Broni

Posted 16 August 2011 - 05:40 PM

See if you can manually delete that file:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\arpot\9a646-dc-0.dat
You may need to use Safe Mode to do it.

#14 aimeeme-t

Posted 17 August 2011 - 03:28 AM

Deleted that file now, had to do it in safe mode.

#15 Broni

Posted 17 August 2011 - 06:44 PM

Very well :)

Re-run MiniToolbox.

Checkmark following boxes:
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.
