
[SOLVED] Yet Another Antivira Av Virus :(

Old 02-22-2011, 08:10 PM   #1
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



So I've gotten this virus, Antivira Av, that will pop up and say that I'm under attack... obviously fake. Right now I'm in safe mode, as I can't open anything other than the internet without Antivira closing it out.
I couldn't find a save button for the Gmer log, so if necessary I can run it again and try to post it. Here are the DDS logs.
Thanks for your time.


DDS (Ver_10-11-26.01) - NTFSx86 NETWORK
Run by 3 at 19:37:30.89 on Tue 02/22/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2233 [GMT -8:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\3\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://flylineonline.org/search/index.php?said=dm&q=kitchen+under+counter+tv
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:18810
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1a0aadcd-3a72-4b5f-900f-e3bb5a838e2a} - SWEETIE Class
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\spoolsv.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\windows\taskmgr.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\taskmgr.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\taskmgr.exe
uRun: [MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\windows\spoolsv.exe
uRun: [MKbtala/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\install.exe
uRun: [MKbtala/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\install.exe
uRun: [MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\windows\spoolsv.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] c:\windows\taskmgr.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\windows\taskmgr.exe
uRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\taskmgr.exe
uRun: [MKevcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\setup.exe
uRun: [MKexela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\windows\system.exe
uRun: [HydraVisionMDEngine] "c:\program files\ati technologies\hydravision\HydraMD.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [flnasonn] c:\docume~1\3\locals~1\temp\pqhxpmtdc\treawvdsika.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] c:\windows\taskmgr.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\taskmgr.exe
mRun: [MKZScla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\windows\avp32.exe
mRun: [MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\spoolsv.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1] c:\windows\taskmgr.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\taskmgr.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1] c:\windows\taskmgr.exe
mRun: [MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3] c:\windows\spoolsv.exe
mRun: [MKbtala/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\install.exe
mRun: [MKbtala/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\install.exe
mRun: [MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\windows\spoolsv.exe
mRun: [MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5] c:\windows\taskmgr.exe
mRun: [MKevcla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\windows\setup.exe
mRun: [MKexela/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0] c:\windows\system.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\3\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\3\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\~\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 SpywareInfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\3\applic~1\mozilla\firefox\profiles\lr4ibjb2.default\
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-11-30 28552]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-26 294608]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-26 17744]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-11 40384]
S2 DTNetService;DTNetService;c:\program files\daemon tools net\dtnetsrv.exe --> c:\program files\daemon tools net\DTNetSrv.exe [?]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 RegMumService;ActivePCOptimizer Service;c:\program files\active pc optimizer\activepcoptimizerservice.exe --> c:\program files\active pc optimizer\ActivePCOptimizerService.exe [?]

=============== Created Last 30 ================

2011-02-19 18:48:29 -------- d-----w- c:\docume~1\3\locals~1\applic~1\WMTools Downloaded Files
2011-02-19 18:45:23 -------- d-----w- c:\docume~1\3\applic~1\MOVAVI
2011-02-19 18:45:01 -------- d-----w- c:\program files\Ask.com
2011-02-19 18:44:51 87392 ----a-r- c:\docume~1\3\applic~1\microsoft\installer\{6e7d931f-a23d-4ad7-a107-fce9b6a47a42}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe
2011-02-19 18:44:51 87392 ----a-r- c:\docume~1\3\applic~1\microsoft\installer\{6e7d931f-a23d-4ad7-a107-fce9b6a47a42}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe
2011-02-19 18:44:51 71008 ----a-r- c:\docume~1\3\applic~1\microsoft\installer\{6e7d931f-a23d-4ad7-a107-fce9b6a47a42}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe
2011-02-19 18:44:51 71008 ----a-r- c:\docume~1\3\applic~1\microsoft\installer\{6e7d931f-a23d-4ad7-a107-fce9b6a47a42}\ARPPRODUCTICON.exe
2011-02-19 18:44:51 136544 ----a-r- c:\docume~1\3\applic~1\microsoft\installer\{6e7d931f-a23d-4ad7-a107-fce9b6a47a42}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe
2011-02-19 18:44:05 -------- d-----w- c:\program files\Movavi Video Converter 10
2011-02-19 03:05:17 -------- d-----r- c:\program files\Skype
2011-02-14 23:27:35 -------- d-----w- c:\program files\SwitchVid.com
2011-02-14 21:34:48 -------- d-----w- c:\program files\iRip
2011-02-14 21:28:07 -------- d-----w- c:\docume~1\3\applic~1\BitTorrent
2011-02-14 21:21:11 -------- d-----w- c:\docume~1\3\locals~1\applic~1\The Little App Factory, LLC
2011-02-14 21:13:23 -------- d-----w- c:\docume~1\3\applic~1\BSD
2011-02-14 21:13:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\BSD
2011-02-14 21:13:11 -------- d-----w- c:\program files\common files\BSD
2011-02-14 21:13:09 2219008 ----a-w- c:\windows\bsdsetup.dll
2011-02-14 21:03:14 -------- d-----w- c:\program files\iPod
2011-02-14 21:03:07 -------- d-----w- c:\program files\iTunes
2011-02-14 20:57:10 -------- d-----w- c:\program files\Bonjour
2011-02-14 19:42:49 -------- d-----w- c:\docume~1\3\locals~1\applic~1\SwitchVid
2011-02-01 22:15:51 -------- d-----w- c:\docume~1\3\locals~1\applic~1\Apple

==================== Find3M ====================

2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-11 22:56:28 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 2036 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-15 02:51:20 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-09 15:15:09 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ------w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 19:39:28.73 ===============
Attached Files
File Type: zip Attach.zip (4.3 KB, 58 views)
chuckles3 is offline  
Old 02-25-2011, 11:35 AM   #2
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.
  • Please download Rootkit Unhooker. Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: You may get the following warning. It is OK, just ignore it.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
amateur is offline  
Old 03-01-2011, 07:59 AM   #3
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



Hello, sorry that I took so long.
For some reason, Antivira stopped popping up.. I'm not exactly sure why though haha :)


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB9734000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4734976 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1F7000 C:\WINDOWS\System32\ati3duag.dll 3284992 bytes (ATI Technologies Inc. , ati3duag.dll)
0xACB39000 C:\WINDOWS\system32\DRIVERS\lvsvf2.sys 2207744 bytes (Logitech Inc., SmoothVision filter)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF519000 C:\WINDOWS\System32\ativvaxx.dll 2056192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF74BF000 PCI_PNP7236 1142784 bytes
0xF74BF000 sptd.sys 1142784 bytes
0xB95A6000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xACD54000 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS 913408 bytes (Logitech Inc., Logitech QuickCam Driver)
0xB93AC000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xB94FF000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 626688 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 614400 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBA69C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB925B000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xACF92000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF197000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB92D6000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD0C5000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9BD8000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xACF4B000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBF70F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9DE8000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9483000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB96C8000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF7479000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9E51000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xBA66F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAD002000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB94D7000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xAD04F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAD077000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB945F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB96FC000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB96A5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAD02D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA7E0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7868000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBA655000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7850000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF74A7000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xAA5C9000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xBA729000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9395000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA064000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB94C3000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9720000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD11E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7468000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9384000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9203000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76E7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAA489000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB91E3000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA760000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7428000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7687000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7418000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB91F3000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA7A0000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF7887000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7657000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB9CA8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7438000 C:\WINDOWS\system32\drivers\lvusbsta.sys 45056 bytes (Logitech Inc., USB Statistic Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7408000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB9CD8000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA790000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xA9D30000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA7C0000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA7B0000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7677000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA7D0000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB9CB8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA969D000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB9CC8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF774F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77C7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF775F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7797000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7807000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB934C000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF778F000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF773F000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF776F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7777000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7717000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF779F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB936C000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7757000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF77AF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xACEE3000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAD0C1000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xBA5A8000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA5FD000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA619000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xAA900000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9233000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA9E86000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA5BC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA611000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5E9000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7995000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7991000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
0xF7999000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79FD000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF799D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79ED000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A05000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AAC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB9F5D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A5B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AA951F8 unknown_irp_handler 3592 bytes
0x8AAC61F8 unknown_irp_handler 3592 bytes
0x8A849430 unknown_irp_handler 3024 bytes
0x8A7A8430 unknown_irp_handler 3024 bytes
0x8A828430 unknown_irp_handler 3024 bytes
0x8A7A4430 unknown_irp_handler 3024 bytes
0x8A7A6430 unknown_irp_handler 3024 bytes
0x8A877430 unknown_irp_handler 3024 bytes
0x8A862430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
0x00D30000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 102400 bytes
0x05390000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 102400 bytes
0x069E0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 102400 bytes
0x07920000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 102400 bytes
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
0x00CE0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 118784 bytes
0x03880000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 118784 bytes
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
0x074A0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 1224704 bytes
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
0x04950000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 143360 bytes
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbintel.sys]
0x077E0000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 159744 bytes
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
0x06D50000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 1740800 bytes
0x07810000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 176128 bytes
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
0x06630000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 208896 bytes
WARNING: Virus alike driver modification [avgntmgr.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
0x06AC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 217088 bytes
WARNING: Virus alike driver modification [LVSVF2.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [PnkBstrK.sys]
0x07840000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 225280 bytes
WARNING: Virus alike driver modification [pciidex.sys]
0x07880000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 249856 bytes
0x07DF0000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 249856 bytes
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [bthport.sys]
0x078D0000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 282624 bytes
0x00EB0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 28672 bytes
0x010D0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 28672 bytes
0x04010000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x00D20000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x00D50000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x03A20000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x03E90000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x03FE0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x03EC0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04130000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04140000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04A90000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04940000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04930000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04990000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x049C0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04A20000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04A60000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04AA0000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04AF0000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04B30000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04EF0000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05090000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04F40000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04FA0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04FB0000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x04FD0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05010000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05050000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x050D0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05120000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05230000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05370000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x052E0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x052B0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05430000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x05730000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x065D0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x06600000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x06840000 Hidden Image-->Branding.dll [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x06830000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x06A90000 Hidden Image-->atixclib.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
0x077D0000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 28672 bytes
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
0x010F0000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89F1F610 ] PID: 1872, 307200 bytes
0x00D90000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89F62618 ] PID: 156, 307200 bytes
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [klim5.sys]
0x06C90000 Hidden Image-->CLI.Aspect.HydraVision.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 323584 bytes
WARNING: Virus alike driver modification [ati2mtaa.sys]
0x07CE0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 339968 bytes
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [crusoe.sys]
0x039C0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 36864 bytes
0x038E0000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x038C0000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x03AB0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x03C90000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x04910000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x04AD0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05030000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05180000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05160000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x051C0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05220000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x052C0000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05440000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
0x05770000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 36864 bytes
WARNING: Virus alike driver modification [hidclass.sys]
0x04B50000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 372736 bytes
0x06B80000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 372736 bytes
0x07C70000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 372736 bytes
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
0x07940000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 405504 bytes
WARNING: Virus alike driver modification [avgntdd.sys]
WARNING: Virus alike driver modification [sisagp.sys]
0x06560000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 413696 bytes
0x06A20000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 421888 bytes
0x06CE0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 421888 bytes
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
0x00D10000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 45056 bytes
0x00D80000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 45056 bytes
0x01280000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x00CF0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x00D10000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x03A40000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x04A80000 Hidden Image-->CLI.Aspect.Grid.HydraVision.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x04AB0000 Hidden Image-->CLI.Aspect.DeskMan.HydraVision.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x04AE0000 Hidden Image-->CLI.Aspect.MDProp.HydraVision.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x04B10000 Hidden Image-->CLI.Aspect.MultiDesk.HydraVision.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x05110000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x050C0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x051B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
0x052A0000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 45056 bytes
WARNING: Virus alike driver modification [mtxparhm.sys]
0x04150000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x89F62618 ] PID: 156, 454656 bytes
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [stream.sys]
0x06950000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 503808 bytes
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
0x03980000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x03A10000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x03AA0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x03EB0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x04120000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x04FC0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x05020000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x05140000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x05170000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x05190000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x05450000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x06620000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
0x06A00000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 53248 bytes
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
0x063D0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x89F62618 ] PID: 156, 561152 bytes
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
0x07D40000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 585728 bytes
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [arp1394.sys]
0x05200000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 61440 bytes
0x051A0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 61440 bytes
0x05360000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 61440 bytes
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
0x07A50000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 643072 bytes
0x08250000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 651264 bytes
0x06780000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 659456 bytes
WARNING: Virus alike driver modification [hsfcxts2.sys]
0x038A0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x038F0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x04F10000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x051D0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x05280000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x052F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x053E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x07E30000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 69632 bytes
0x06BE0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 700416 bytes
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
0x07BB0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 757760 bytes
WARNING: Virus alike driver modification [mcd.sys]
0x00D90000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89F1F610 ] PID: 1872, 77824 bytes
0x00D60000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89F62618 ] PID: 156, 77824 bytes
0x03A70000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x89F62618 ] PID: 156, 77824 bytes
0x04FE0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 77824 bytes
0x050A0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x89F62618 ] PID: 156, 77824 bytes
WARNING: Virus alike driver modification [sdbus.sys]
0x07EB0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 806912 bytes
WARNING: Virus alike driver modification [VC4CB104.SYS]
0x05060000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 86016 bytes
0x05260000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x89F62618 ] PID: 156, 86016 bytes
0x065E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x89F62618 ] PID: 156, 86016 bytes
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [slnthal.sys]
chuckles3 is offline  
Old 03-01-2011, 08:31 AM   #4
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

Did you run any other tools since your first post?

====================

Please download ComboFix from one of these locations:

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how, please look in here:

    How to disable your security applications

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

# Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done that.
amateur is offline  
Old 03-01-2011, 03:12 PM   #5
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



Yes I did do something. Avast found a virus or something and wanted to do a boot-time scan.. or something like that. It did a scan before Windows started I believe. I deleted one or two files during that scan, but didn't have time to sit around and wait for it to finish so I exited it.


ComboFix 11-02-28.07 - 3 03/01/2011 12:07:51.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1969 [GMT -8:00]
Running from: c:\documents and settings\3\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bkEur05

.
((((((((((((((((((((((((( Files Created from 2011-02-01 to 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-02-19 18:48 . 2011-02-19 18:48 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\WMTools Downloaded Files
2011-02-19 18:45 . 2011-02-19 18:45 -------- d-----w- c:\documents and settings\3\Application Data\MOVAVI
2011-02-19 18:45 . 2011-02-19 18:45 -------- d-----w- c:\program files\Ask.com
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\ARPPRODUCTICON.exe
2011-02-19 18:44 . 2011-02-19 18:44 136544 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe
2011-02-19 18:44 . 2011-02-19 18:44 -------- d-----w- c:\program files\Movavi Video Converter 10
2011-02-19 03:13 . 2011-03-01 06:04 -------- d-----w- c:\documents and settings\3\Application Data\skypePM
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----w- c:\program files\Common Files\Skype
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----r- c:\program files\Skype
2011-02-19 03:05 . 2011-03-01 06:05 -------- d-----w- c:\documents and settings\3\Application Data\Skype
2011-02-14 23:27 . 2011-02-14 23:27 -------- d-----w- c:\program files\SwitchVid.com
2011-02-14 21:34 . 2011-02-14 21:34 -------- d-----w- c:\program files\iRip
2011-02-14 21:28 . 2011-02-15 00:19 -------- d-----w- c:\documents and settings\3\Application Data\BitTorrent
2011-02-14 21:21 . 2011-02-14 21:21 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\The Little App Factory, LLC
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\3\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:19 -------- d-----w- c:\program files\Common Files\BSD
2011-02-14 21:13 . 2010-11-24 08:08 2219008 ----a-w- c:\windows\bsdsetup.dll
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iPod
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iTunes
2011-02-14 20:57 . 2011-02-14 20:57 -------- d-----w- c:\program files\Bonjour
2011-02-14 20:50 . 2011-02-19 18:45 -------- d-----w- c:\documents and settings\uidfgaslidufguailbgi
2011-02-14 19:42 . 2011-02-16 23:00 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\SwitchVid
2011-02-01 22:15 . 2011-02-01 22:15 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\Apple
2011-02-01 22:15 . 2011-02-19 18:41 -------- d-----w- c:\documents and settings\3\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-12 14:05 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2009-09-26 18:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-09-26 18:24 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-09-26 18:24 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-09-26 18:24 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-09-26 18:24 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-09-26 18:24 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-09-26 18:24 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-09-26 18:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2011-01-12 01:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-08-12 14:09 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2004-08-12 13:59 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-15 02:51 . 2009-11-26 23:30 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-15 02:51 . 2007-11-06 15:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-09 15:15 . 2004-08-12 14:02 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-12 13:56 33280 ------w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-12 14:02 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionMDEngine"="c:\program files\ATI Technologies\HydraVision\HydraMD.exe" [2009-04-29 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\3\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-16 0]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M(_)M^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\M(_)M\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uidfgaslidufguailbgi^Start Menu^Programs^Startup^csrss.lnk]
path=c:\documents and settings\uidfgaslidufguailbgi\Start Menu\Programs\Startup\csrss.lnk
backup=c:\windows\pss\csrss.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-12 23:18 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 17:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 05:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 04:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\3\\Local Settings\\Apps\\2.0\\65RZLJQW.OD8\\0MQ8C12B.T33\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5555:TCP"= 5555:TCP:Ehshell.exe
"7777:UDP"= 7777:UDP:Ehshell.exe
"3776:UDP"= 3776:UDP:Mcrdsvc.exe
"3390:TCP"= 3390:TCP:Svchost.exe
"3932:TCP"= 3932:TCP:Mcrmgr.exe
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/30/2010 3:49 PM 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/28/2009 2:32 AM 445936]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/26/2009 10:24 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2009 10:24 AM 17744]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S2 DTNetService;DTNetService;c:\program files\DAEMON Tools Net\DTNetSrv.exe --> c:\program files\DAEMON Tools Net\DTNetSrv.exe [?]
S2 RegMumService;ActivePCOptimizer Service;c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe --> c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://flylineonline.org/search/index.php?said=dm&q=kitchen+under+counter+tv
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:18810
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\~\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\3\Application Data\Mozilla\Firefox\Profiles\lr4ibjb2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-01 12:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(212)
c:\program files\ATI Technologies\HydraVision\HydraMDH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-01 12:18:28
ComboFix-quarantined-files.txt 2011-03-01 20:18
ComboFix2.txt 2010-12-03 21:17

Pre-Run: 39,756,615,680 bytes free
Post-Run: 39,903,719,424 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - B094F452E2805B10E83DE5D6D6B4B838
chuckles3 is offline  
Old 03-01-2011, 11:39 PM   #6
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

I see you have BitTorrent installed which is the likely source of your problems. This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove it via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
=========================

CD emulators interfere with our tools. Please disable them as outlined below.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

==========================

Let's see if GMER will run now.

Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


If you still have trouble, try running the scan in Safe Mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

===============================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Code:
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:18810

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=-
"c:\\WINDOWS\\system32\\rtcshare.exe"=-
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=-
"c:\\Documents and Settings\\3\\Local Settings\\Apps\\2.0\\65RZLJQW.OD8\\0MQ8C12B.T33\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=-
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
amateur is offline  
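The caution above about rootkit-scan false positives, as an added example that is not part of the original post: security products hook kernel and user-mode APIs themselves, so a first read of a GMER log is to attribute each hook to the module that owns it. The sample lines are constructed in the line format GMER 1.0.15 prints, and the `TRUSTED` set and `placeholder.dll` are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the line format GMER 1.0.15 prints; not a real scan.
SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAC84C1B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAC84CA04]
PAGE ntoskrnl.exe!ZwLoadDriver 805A425D 7 Bytes JMP AC859790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text ntoskrnl.exe!_abnormal_termination + B0 804E271C 4 Bytes JMP C2AC84C7
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10001000 C:\WINDOWS\Temp\placeholder.dll (constructed entry)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9026000, 0x230C17, 0xE8000020]
""".strip().splitlines()

# Assumption: modules of the antivirus product the machine is known to run.
TRUSTED = {"aswsp.sys", "snxhk.dll"}

# "SSDT <owner path> (<vendor>) <hooked function> [0xADDR]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>.+?\.(?:sys|dll|exe))\s+\((?P<vendor>[^)]*)\)\s+(?P<func>\w+)",
    re.I,
)

# "<section> <hooked location> <addr> <n> Bytes JMP <dest> [<owner path> (<vendor>)]"
INLINE_RE = re.compile(
    r"^(?P<section>\.?\w+)\s+(?P<where>.+?)\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes\s+"
    r"(?P<op>JMP|CALL)\s+(?P<dest>[0-9A-F]{8})"
    r"(?:\s+(?P<owner>.+?\.(?:sys|dll|exe))\s+\((?P<vendor>[^)]*)\))?\s*$",
    re.I,
)


def _basename(path):
    """Lower-cased file name of a Windows path, or None when GMER named no owner."""
    return path.rsplit("\\", 1)[-1].lower() if path else None


def parse_hook(line):
    """Return {'kind', 'target', 'owner'} for a hook line, or None for other lines."""
    m = SSDT_RE.match(line)
    if m:
        return {"kind": "ssdt", "target": m["func"], "owner": _basename(m["owner"])}
    m = INLINE_RE.match(line)
    if m:
        return {"kind": "inline", "target": m["where"], "owner": _basename(m["owner"])}
    return None


def triage(lines, trusted):
    """Count hooks per owning module and collect those not owned by a trusted module.

    A hook in the review list is only a question to ask, not a verdict:
    unattributed or unfamiliar entries still need an analyst to look at them.
    """
    by_owner = Counter()
    review = []
    for line in lines:
        hook = parse_hook(line.strip())
        if hook is None:  # informational lines such as "section is writeable"
            continue
        by_owner[hook["owner"] or "<unattributed>"] += 1
        if hook["owner"] not in trusted:
            review.append(hook)
    return by_owner, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE, TRUSTED)
    for owner, n in counts.most_common():
        print(f"{n:3d} hook(s) owned by {owner}")
    print("Entries to show the helper before acting on anything:")
    for hook in review:
        print(f"  {hook['kind']:6s} {hook['target']} -> {hook['owner'] or 'no owner listed'}")
```
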
Old 03-03-2011, 04:06 PM   #7
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



Okay, I deleted BitTorrent; I didn't know it was that dangerous, ha. Here's the first part of the GMER log:
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-03 16:01:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75FJA1 rev.14.03G14
Running: gmer.exe; Driver: C:\DOCUME~1\3\LOCALS~1\Temp\uwlcapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAC845728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAC84C7EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAC84C6A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAC84CCA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAC84CBBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAC84C276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAC8457D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAC84C77E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAC84C1B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAC84C218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAC845870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAC84C8C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAC84CD76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAC84C880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAC84CA04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAC85982E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAC859652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAC85978C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + B0 804E271C 4 Bytes JMP C2AC84C7
PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP AC856C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 80565333 7 Bytes JMP AC859656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP AC859832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP AC8551EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A425D 7 Bytes JMP AC859790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9026000, 0x230C17, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8D21F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\SpywareGuard\sgbhp.exe[420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[672] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[716] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[896] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\Ati2evxx.exe[1188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[1580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\spoolsv.exe[1612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[1736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
chuckles3 is offline  
Old 03-03-2011, 04:08 PM   #8
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



second part:

.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[2964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe[3120] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\System32\svchost.exe[3152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\svchost.exe[3304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\wuauclt.exe[3764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat A8A6CD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x32 0x58 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x21 0x59 0x31 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Net\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x63 0x3B 0x45 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0x82 0x58 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xE1 0x72 0x2B 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0x3B 0xD1 0xBF 0xA6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x32 0x58 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x21 0x59 0x31 0xA0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Net\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x63 0x3B 0x45 0x7C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0x82 0x58 0x32 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xE1 0x72 0x2B 0x3E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0x3B 0xD1 0xBF 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x32 0x58 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x21 0x59 0x31 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Net\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x63 0x3B 0x45 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0x82 0x58 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xE1 0x72 0x2B 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0x3B 0xD1 0xBF 0xA6 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x32 0x58 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x21 0x59 0x31 0xA0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Net\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x63 0x3B 0x45 0x7C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x24 0x82 0x58 0x32 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x10 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x7C 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xE1 0x72 0x2B 0x3E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\[email protected] 0x3B 0xD1 0xBF 0xA6 ...
chuckles3 is offline  
Old 03-03-2011, 04:09 PM   #9
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



Last part:


---- EOF - GMER 1.0.15 ----
chuckles3 is offline  
Old 03-03-2011, 04:33 PM   #10
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



So I ran ComboFix with that script. Here's the log.
By the way, thanks for the help. You guys are seriously amazing for doing this.

ComboFix 11-03-03.02 - 3 03/03/2011 16:18:08.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2031 [GMT -8:00]
Running from: c:\documents and settings\3\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\3\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.

2011-02-19 18:48 . 2011-02-19 18:48 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\WMTools Downloaded Files
2011-02-19 18:45 . 2011-02-19 18:45 -------- d-----w- c:\documents and settings\3\Application Data\MOVAVI
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\ARPPRODUCTICON.exe
2011-02-19 18:44 . 2011-02-19 18:44 136544 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe
2011-02-19 18:44 . 2011-02-19 18:44 -------- d-----w- c:\program files\Movavi Video Converter 10
2011-02-19 03:13 . 2011-03-01 06:04 -------- d-----w- c:\documents and settings\3\Application Data\skypePM
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----w- c:\program files\Common Files\Skype
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----r- c:\program files\Skype
2011-02-19 03:05 . 2011-03-01 06:05 -------- d-----w- c:\documents and settings\3\Application Data\Skype
2011-02-14 23:27 . 2011-02-14 23:27 -------- d-----w- c:\program files\SwitchVid.com
2011-02-14 21:34 . 2011-02-14 21:34 -------- d-----w- c:\program files\iRip
2011-02-14 21:21 . 2011-02-14 21:21 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\The Little App Factory, LLC
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\3\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:19 -------- d-----w- c:\program files\Common Files\BSD
2011-02-14 21:13 . 2010-11-24 08:08 2219008 ----a-w- c:\windows\bsdsetup.dll
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iPod
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iTunes
2011-02-14 20:57 . 2011-02-14 20:57 -------- d-----w- c:\program files\Bonjour
2011-02-14 20:50 . 2011-03-03 23:29 -------- d-----w- c:\documents and settings\uidfgaslidufguailbgi
2011-02-14 19:42 . 2011-02-16 23:00 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\SwitchVid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-12 14:05 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2009-09-26 18:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-09-26 18:24 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-09-26 18:24 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-09-26 18:24 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-09-26 18:24 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-09-26 18:24 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-09-26 18:24 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-09-26 18:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2011-01-12 01:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-08-12 14:09 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2004-08-12 13:59 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-15 02:51 . 2009-11-26 23:30 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-15 02:51 . 2007-11-06 15:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-09 15:15 . 2004-08-12 14:02 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-12 13:56 33280 ------w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-12 14:02 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( [email protected]_20.14.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-03 23:45 . 2011-03-03 23:45 16384 c:\windows\Temp\Perflib_Perfdata_b28.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionMDEngine"="c:\program files\ATI Technologies\HydraVision\HydraMD.exe" [2009-04-29 569344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\3\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-1-16 0]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M(_)M^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\M(_)M\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^uidfgaslidufguailbgi^Start Menu^Programs^Startup^csrss.lnk]
path=c:\documents and settings\uidfgaslidufguailbgi\Start Menu\Programs\Startup\csrss.lnk
backup=c:\windows\pss\csrss.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-12 23:18 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 17:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 05:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 11:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 04:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5555:TCP"= 5555:TCP:Ehshell.exe
"7777:UDP"= 7777:UDP:Ehshell.exe
"3776:UDP"= 3776:UDP:Mcrdsvc.exe
"3390:TCP"= 3390:TCP:Svchost.exe
"3932:TCP"= 3932:TCP:Mcrmgr.exe
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/30/2010 3:49 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/26/2009 10:24 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2009 10:24 AM 17744]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S2 DTNetService;DTNetService;c:\program files\DAEMON Tools Net\DTNetSrv.exe --> c:\program files\DAEMON Tools Net\DTNetSrv.exe [?]
S2 RegMumService;ActivePCOptimizer Service;c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe --> c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/28/2009 2:32 AM 445936]

--- Other Services/Drivers In Memory ---

*Deregistered* - uwlcapod

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://flylineonline.org/search/index.php?said=dm&q=kitchen+under+counter+tv
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\~\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\3\Application Data\Mozilla\Firefox\Profiles\lr4ibjb2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-03 16:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1316)
c:\program files\ATI Technologies\HydraVision\HydraMDH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-03 16:31:25
ComboFix-quarantined-files.txt 2011-03-04 00:31
ComboFix2.txt 2011-03-01 20:18
ComboFix3.txt 2010-12-03 21:17

Pre-Run: 39,585,959,936 bytes free
Post-Run: 39,561,752,576 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - D9E3CDC6670D6E3B7E0D887FE283DBA9
chuckles3 is offline  
Old 03-03-2011, 09:46 PM   #11
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add or Remove Programs):

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


These are all outdated, and having them still installed is a security risk. Unfortunately, Java does not uninstall these older versions when you update, nor tell you that you should. Java(TM) 6 Update 15 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

=============================

I am also concerned about some globally open ports on your system. Even if they are used for legitimate activities, configuring Windows Firewall by opening ports is not recommended; allowing applications access is better. You can visit here to test your firewall and make sure that it's working properly.

========================

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebytes', and select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

========================

Next, go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
amateur is offline  
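The concern about globally open ports in the post above can be checked straight from the ComboFix log. This is an added example, not part of the original thread or of ComboFix: it parses the `GloballyOpenPorts\List` and `AuthorizedApplications\List` sections in the format the log uses and pairs each port opening with a program exception where one exists. The function names and the label-matching heuristic are assumptions, and the sample text is copied from the log with the application list shortened.

```python
from pathlib import PureWindowsPath
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: lines copied from the ComboFix log in this thread
# (AuthorizedApplications list shortened to three entries).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5555:TCP"= 5555:TCP:Ehshell.exe
"7777:UDP"= 7777:UDP:Ehshell.exe
"3776:UDP"= 3776:UDP:Mcrdsvc.exe
"3390:TCP"= 3390:TCP:Svchost.exe
"3932:TCP"= 3932:TCP:Mcrmgr.exe
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/30/2010 3:49 PM 28552]
'''

ENTRY = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')


class PortOpening(NamedTuple):
    port: int
    proto: str
    label: str          # free-text display name; the firewall does not enforce it
    app_exception: str  # matching AuthorizedApplications path, or "" if none


def read_section(log: str, suffix: str) -> List[Tuple[str, str]]:
    """Return (name, data) pairs of the first section whose header ends with suffix."""
    pairs, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if inside:
                break  # next section header ends the one we wanted
            inside = line[1:-1].lower().endswith(suffix.lower())
        elif inside:
            match = ENTRY.match(line)
            if match is None:
                break  # blank or foreign line ends the section
            pairs.append((match.group("name"), match.group("data")))
    return pairs


def _matching_exception(label: str, app_paths: List[str]) -> str:
    """Heuristic (assumption): a label belongs to a program if it starts with its file stem."""
    wanted = label.lower()
    for path in app_paths:
        stem = PureWindowsPath(path).stem.lower()
        if stem and wanted.startswith(stem):
            return path
    return ""


def parse_open_ports(log: str) -> List[PortOpening]:
    """Parse GloballyOpenPorts entries and pair each with a program exception, if any."""
    apps = [name.replace("\\\\", "\\")
            for name, _ in read_section(log, r"AuthorizedApplications\List")]
    openings = []
    for name, data in read_section(log, r"GloballyOpenPorts\List"):
        parts = data.split(":", 2)  # the label itself may contain ':'
        if len(parts) != 3 or name != f"{parts[0]}:{parts[1]}":
            raise ValueError(f"malformed port entry: {name!r} = {data!r}")
        port, proto, label = int(parts[0]), parts[1].upper(), parts[2].strip()
        openings.append(PortOpening(port, proto, label, _matching_exception(label, apps)))
    return openings


def review(openings: List[PortOpening]) -> List[str]:
    """One line per opening, following the advice to prefer program exceptions."""
    notes = []
    for o in openings:
        if o.app_exception:
            advice = f"program exception exists ({o.app_exception}); port opening may be redundant"
        else:
            advice = "no program exception found; port accepts any local listener"
        notes.append(f"{o.port}/{o.proto} label={o.label!r}: {advice}")
    return notes


if __name__ == "__main__":
    for note in review(parse_open_ports(SAMPLE_LOG)):
        print(note)
```

A port opening admits traffic to whichever process is listening on that port, while a program exception is tied to one executable, which is why the second list is the safer place for these entries.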
Old 03-04-2011, 09:02 AM   #12
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



Hello again. I only have time to do the first Malwarebytes scan. After school I will finish up with the second.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 5952

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.2180

3/4/2011 9:00:25 AM
mbam-log-2011-03-04 (09-00-25).txt

Scan type: Quick scan
Objects scanned: 175144
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 18
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{418D86BE-7386-4F1A-83E0-53604ADBDA74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader) -> Value: MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader) -> Value: MKerbla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
chuckles3 is offline  
Old 03-04-2011, 10:38 AM   #13
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



OK. I'll be waiting for the ESET results. Let me know how the system is running now.
amateur is offline  
Old 03-04-2011, 02:10 PM   #14
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



The computer is running much, much better now. No annoying popups on startup or anything like that.

Here's the log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=49fbbdd2bf4e4e47b5d199dd9dddc565
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-04 08:42:17
# local_time=2011-03-04 12:42:17 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 4305942 4305942 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=68382
# found=5
# cleaned=0
# scan_time=6542
C:\Documents and Settings\3\Application Data\Sun\Java\Deployment\cache\6.0\55\242fc677-496e190c multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\6C059782d01 a variant of Win32/Adware.RegistryMum application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\78783B98d01 probably a variant of Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\My Documents\Downloads\ActivePcOptimizer.exe a variant of Win32/Adware.RegistryMum application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PSCS\pscs.exe a variant of Win32/PowerSpy application (unable to clean) 00000000000000000000000000000000 I
chuckles3 is offline  
Old 03-04-2011, 06:40 PM   #15
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



I'm not sure if we caused this, but when I booted my computer it took about five minutes to turn on, much longer than usual. And it's been lagging when I play music; about every 1.5 seconds it will lag a small bit.
chuckles3 is offline  
Old 03-05-2011, 12:51 AM   #16
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

Uninstall of the following programs via Add or Remove Programs in Control Panel is advised:

Ask Toolbar ====>This program is not malware, but it may report on your surfing behavior and is considered undesirable, see here for more information.

BitTorrent =======>This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly urge you to remove it via Add or Remove Programs in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link
=============

Your Adobe Reader is out of date and can be exploited. Please download the latest version, here.

Uncheck Google Toolbar or Free McAfee® Security Scan Plus, or any other offers they may have, during the installation, unless you want them.

=============
  • Open Notepad (Start > All Programs > Accessories > Notepad). (It must be Notepad, not WordPad, or it won't work.)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.
Code:
File::
C:\Program Files\PSCS\pscs.exe
C:\Documents and Settings\3\Application Data\Sun\Java\Deployment\cache\6.0\55\242fc677-496e190c 
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\6C059782d01
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\78783B98d01 
C:\Documents and Settings\Administrator\My Documents\Downloads\ActivePcOptimizer.exe 
C:\Program Files\PSCS\pscs.exe 

FixCSet::
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


====================

Please run RootkitUnhooker one more time and post its log along with the Combofix.txt.
amateur is offline  
Old 03-05-2011, 11:28 AM   #17
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



I couldn't find the BitTorrent or Ask Toolbar; I'm pretty sure I got rid of them the other day. Here's the CF log.

ComboFix 11-03-04.06 - 3 03/05/2011 10:55:08.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1999 [GMT -8:00]
Running from: c:\documents and settings\3\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\3\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\3\Application Data\Sun\Java\Deployment\cache\6.0\55\242fc677-496e190c"
"c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\6C059782d01"
"c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\78783B98d01"
"c:\documents and settings\Administrator\My Documents\Downloads\ActivePcOptimizer.exe"
"c:\program files\PSCS\pscs.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\3\Application Data\Sun\Java\Deployment\cache\6.0\55\242fc677-496e190c
c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\6C059782d01
c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nk1ha120.default\Cache\78783B98d01
c:\documents and settings\Administrator\My Documents\Downloads\ActivePcOptimizer.exe
c:\program files\PSCS\pscs.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 18:33 . 2011-03-05 18:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-05 18:32 . 2011-03-05 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-05 18:32 . 2011-03-05 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-05 18:32 . 2011-03-05 18:32 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-04 18:49 . 2011-03-04 18:49 -------- d-----w- c:\program files\ESET
2011-03-04 16:39 . 2011-03-04 16:39 -------- d-----w- c:\documents and settings\3\Application Data\Malwarebytes
2011-03-04 16:39 . 2011-03-04 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-04 16:39 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-04 16:39 . 2011-03-04 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-04 16:39 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-19 18:48 . 2011-02-19 18:48 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\WMTools Downloaded Files
2011-02-19 18:45 . 2011-02-19 18:45 -------- d-----w- c:\documents and settings\3\Application Data\MOVAVI
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe
2011-02-19 18:44 . 2011-02-19 18:44 87392 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe
2011-02-19 18:44 . 2011-02-19 18:44 71008 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\ARPPRODUCTICON.exe
2011-02-19 18:44 . 2011-02-19 18:44 136544 ----a-r- c:\documents and settings\3\Application Data\Microsoft\Installer\{6E7D931F-A23D-4AD7-A107-FCE9B6A47A42}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe
2011-02-19 18:44 . 2011-02-19 18:44 -------- d-----w- c:\program files\Movavi Video Converter 10
2011-02-19 03:13 . 2011-03-01 06:04 -------- d-----w- c:\documents and settings\3\Application Data\skypePM
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----w- c:\program files\Common Files\Skype
2011-02-19 03:05 . 2011-02-19 03:05 -------- d-----r- c:\program files\Skype
2011-02-19 03:05 . 2011-03-01 06:05 -------- d-----w- c:\documents and settings\3\Application Data\Skype
2011-02-14 23:27 . 2011-02-14 23:27 -------- d-----w- c:\program files\SwitchVid.com
2011-02-14 21:34 . 2011-02-14 21:34 -------- d-----w- c:\program files\iRip
2011-02-14 21:21 . 2011-02-14 21:21 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\The Little App Factory, LLC
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\3\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BSD
2011-02-14 21:13 . 2011-02-14 21:19 -------- d-----w- c:\program files\Common Files\BSD
2011-02-14 21:13 . 2010-11-24 08:08 2219008 ----a-w- c:\windows\bsdsetup.dll
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iPod
2011-02-14 21:03 . 2011-02-14 21:03 -------- d-----w- c:\program files\iTunes
2011-02-14 20:57 . 2011-02-14 20:57 -------- d-----w- c:\program files\Bonjour
2011-02-14 20:50 . 2011-03-03 23:29 -------- d-----w- c:\documents and settings\uidfgaslidufguailbgi
2011-02-14 19:42 . 2011-02-16 23:00 -------- d-----w- c:\documents and settings\3\Local Settings\Application Data\SwitchVid
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-12 14:05 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2009-09-26 18:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-09-26 18:24 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-09-26 18:24 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-09-26 18:24 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-09-26 18:24 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-09-26 18:24 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-09-26 18:24 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-09-26 18:24 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-12 13:55 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 20:06 . 2011-01-12 01:35 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 13:10 . 2004-08-12 14:09 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-12 13:58 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2004-08-12 13:59 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-15 02:51 . 2009-11-26 23:30 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-12-15 02:51 . 2007-11-06 15:17 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-12-09 15:15 . 2004-08-12 14:02 718336 ------w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-12 13:56 33280 ------w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-12 14:02 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionMDEngine"="c:\program files\ATI Technologies\HydraVision\HydraMD.exe" [2009-04-29 569344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\3\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^M(_)M^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\M(_)M\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^uidfgaslidufguailbgi^Start Menu^Programs^Startup^csrss.lnk]
path=c:\documents and settings\uidfgaslidufguailbgi\Start Menu\Programs\Startup\csrss.lnk
backup=c:\windows\pss\csrss.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-12 23:18 323392 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
2005-06-07 07:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 17:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 05:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 04:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Image Zone Express\\HP_IZE.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5555:TCP"= 5555:TCP:Ehshell.exe
"7777:UDP"= 7777:UDP:Ehshell.exe
"3776:UDP"= 3776:UDP:Mcrdsvc.exe
"3390:TCP"= 3390:TCP:Svchost.exe
"3932:TCP"= 3932:TCP:*:Disabled:Mcrmgr.exe
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/30/2010 3:49 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/26/2009 10:24 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/26/2009 10:24 AM 17744]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
S2 DTNetService;DTNetService;c:\program files\DAEMON Tools Net\DTNetSrv.exe --> c:\program files\DAEMON Tools Net\DTNetSrv.exe [?]
S2 RegMumService;ActivePCOptimizer Service;c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe --> c:\program files\Active PC Optimizer\ActivePCOptimizerService.exe [?]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\3\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\3\LOCALS~1\Temp\CFcatchme.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/28/2009 2:32 AM 445936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://flylineonline.org/search/index.php?said=dm&q=kitchen+under+counter+tv
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\~\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\3\Application Data\Mozilla\Firefox\Profiles\lr4ibjb2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-05 11:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2348)
c:\program files\ATI Technologies\HydraVision\HydraMDH.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-03-05 11:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-05 19:17
ComboFix2.txt 2011-03-04 00:31
ComboFix3.txt 2011-03-01 20:18
ComboFix4.txt 2010-12-03 21:17
.
Pre-Run: 38,652,760,064 bytes free
Post-Run: 38,633,525,248 bytes free
.
- - End Of File - - 4A9F90DEC250E7225EC541B7AC2B7BA0
chuckles3 is offline  
Old 03-05-2011, 11:44 AM   #18
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



And here's the rootkit report. I only scanned the drivers and stealth like you asked me before.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xB43D7000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4734976 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1F7000 C:\WINDOWS\System32\ati3duag.dll 3284992 bytes (ATI Technologies Inc. , ati3duag.dll)
0xA7A34000 C:\WINDOWS\system32\DRIVERS\lvsvf2.sys 2207744 bytes (Logitech Inc., SmoothVision filter)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF519000 C:\WINDOWS\System32\ativvaxx.dll 2056192 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB4249000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA7C4F000 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS 913408 bytes (Logitech Inc., Logitech QuickCam Driver)
0xB404F000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xB41A2000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 626688 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 614400 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB3F4E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA7D75000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF197000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB3FC9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7E80000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA50EB000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA7D2E000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBF70F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA525B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4126000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB436B000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA5364000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF744A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA471A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7DE5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB417A000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 163840 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xA7E32000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA7E5A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB4102000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB439F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB4348000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA7E10000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF74A0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7430000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF74C0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA56F4000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7477000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB4038000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA54FF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB4166000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB43C3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7ED9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF748E000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB4027000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA780000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB6983000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB6993000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB6933000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB6973000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB658E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA770000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xB5B6F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7677000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xB69A3000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB64FE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA790000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB6461000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB64A1000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7657000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xB5B0F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB6963000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB5AEF000 C:\WINDOWS\system32\drivers\lvusbsta.sys 45056 bytes (Logitech Inc., USB Statistic Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB64B1000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB5B3F000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB6441000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB6B1E000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xB6481000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB6471000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 40960 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB6AAE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB6491000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB5B1F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA4F43000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB5B2F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB6B3E000 C:\ComboFix\catchme.sys 32768 bytes
0xB6B66000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB4946000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF775F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB6A55000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB4976000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF772F000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77CF000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB6B5E000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7817000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xB6A35000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB6A25000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7717000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xB65C8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB4966000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB6B76000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB4BF3000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB4956000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB6CBD000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB6CAD000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7747000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB65F8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB69DF000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xB6C61000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB59F8000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB6C79000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB59DC000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB5F5A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA520F000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB59D8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9C77000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF792B000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB4B85000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB4B89000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7997000 C:\WINDOWS\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)
0xB4B81000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB63D3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xB4B7F000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xB4B7D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB4E3A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB4E2C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB4BC6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB9C97000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A83000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
0x00D30000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 102400 bytes
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
0x00CE0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 118784 bytes
0x03880000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 118784 bytes
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [avgntmgr.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [LVSVF2.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [PnkBstrK.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [bthport.sys]
0x00EB0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 28672 bytes
0x010E0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 28672 bytes
0x00D20000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 28672 bytes
0x00D50000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 28672 bytes
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
0x01100000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89C98DA0 ] PID: 3652, 307200 bytes
0x00D90000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x898634A0 ] PID: 3520, 307200 bytes
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [klim5.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [crusoe.sys]
0x039D0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 36864 bytes
0x03920000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 36864 bytes
0x03B50000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 36864 bytes
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [avgntdd.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
0x00D10000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 45056 bytes
0x00D80000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 45056 bytes
0x01290000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 45056 bytes
0x00CF0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 45056 bytes
0x00D10000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 45056 bytes
0x00DF0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 45056 bytes
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
0x038A0000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 69632 bytes
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [mcd.sys]
0x00D90000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89C98DA0 ] PID: 3652, 77824 bytes
0x00D60000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x898634A0 ] PID: 3520, 77824 bytes
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [VC4CB104.SYS]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [slnthal.sys]
chuckles3 is offline  
Old 03-05-2011, 11:56 AM   #19
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, ensure Cure is selected (it should be by default). NOTE: If Cure is not an option, please select Skip.
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.17.0_date_time_log.txt
  • Attach that log, please.
amateur is offline  
Old 03-05-2011, 12:29 PM   #20
Registered Member
 
Join Date: Nov 2010
Posts: 33
OS: xp



I don't think it found anything. However, my computer is running somewhat slow even without having many processes open. Not sure if that is something we did.


2011/03/05 12:24:20.0437 3556 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/05 12:24:20.0656 3556 ================================================================================
2011/03/05 12:24:20.0656 3556 SystemInfo:
2011/03/05 12:24:20.0656 3556
2011/03/05 12:24:20.0656 3556 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/05 12:24:20.0656 3556 Product type: Workstation
2011/03/05 12:24:20.0656 3556 ComputerName: SHEREE-48FC9397
2011/03/05 12:24:20.0656 3556 UserName: 3
2011/03/05 12:24:20.0656 3556 Windows directory: C:\WINDOWS
2011/03/05 12:24:20.0656 3556 System windows directory: C:\WINDOWS
2011/03/05 12:24:20.0656 3556 Processor architecture: Intel x86
2011/03/05 12:24:20.0656 3556 Number of processors: 1
2011/03/05 12:24:20.0656 3556 Page size: 0x1000
2011/03/05 12:24:20.0656 3556 Boot type: Normal boot
2011/03/05 12:24:20.0656 3556 ================================================================================
2011/03/05 12:24:21.0296 3556 Initialize success
2011/03/05 12:24:31.0203 3076 ================================================================================
2011/03/05 12:24:31.0203 3076 Scan started
2011/03/05 12:24:31.0203 3076 Mode: Manual;
2011/03/05 12:24:31.0203 3076 ================================================================================
2011/03/05 12:24:33.0906 3076 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/05 12:24:35.0296 3076 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/05 12:24:35.0843 3076 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/05 12:24:36.0812 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/05 12:24:37.0406 3076 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/05 12:24:37.0984 3076 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/05 12:24:41.0937 3076 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/05 12:24:42.0453 3076 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/05 12:24:42.0968 3076 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/05 12:24:43.0593 3076 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/05 12:24:44.0109 3076 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/05 12:24:44.0609 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/05 12:24:45.0171 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/05 12:24:47.0718 3076 ati2mtag (f06cfd54ad49c0621b40ebf063c46b08) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/03/05 12:24:48.0281 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/05 12:24:48.0796 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/05 12:24:49.0312 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/05 12:24:49.0828 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/05 12:24:50.0328 3076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/05 12:24:51.0281 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/05 12:24:51.0812 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/05 12:24:52.0343 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/05 12:24:55.0250 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/05 12:24:56.0078 3076 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/05 12:24:56.0843 3076 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/05 12:24:57.0437 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/05 12:24:57.0984 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/05 12:24:58.0953 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/05 12:24:59.0515 3076 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/03/05 12:25:00.0062 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/05 12:25:00.0531 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/05 12:25:01.0031 3076 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/05 12:25:01.0546 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/05 12:25:02.0093 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/05 12:25:02.0609 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/05 12:25:03.0171 3076 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/05 12:25:03.0718 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/05 12:25:04.0218 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/05 12:25:04.0734 3076 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/05 12:25:05.0750 3076 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/05 12:25:06.0250 3076 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/05 12:25:06.0750 3076 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/05 12:25:07.0328 3076 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/05 12:25:08.0203 3076 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/05 12:25:08.0765 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/05 12:25:10.0187 3076 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/05 12:25:11.0171 3076 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/03/05 12:25:12.0125 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/05 12:25:13.0046 3076 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/05 12:25:13.0593 3076 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/05 12:25:14.0109 3076 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/05 12:25:14.0640 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/05 12:25:15.0187 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/05 12:25:15.0734 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/05 12:25:16.0312 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/05 12:25:16.0812 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/05 12:25:17.0437 3076 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/05 12:25:17.0953 3076 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/05 12:25:18.0531 3076 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/05 12:25:19.0203 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/05 12:25:19.0796 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/05 12:25:20.0734 3076 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/03/05 12:25:21.0218 3076 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/05 12:25:21.0718 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/05 12:25:22.0234 3076 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/05 12:25:22.0750 3076 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/05 12:25:23.0281 3076 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/05 12:25:23.0812 3076 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/05 12:25:24.0312 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/05 12:25:24.0859 3076 MR97310_USB_DUAL_CAMERA (1aae79a4176a957bf2bb679812f04655) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
2011/03/05 12:25:25.0843 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/05 12:25:26.0546 3076 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/05 12:25:27.0156 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/05 12:25:27.0656 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/05 12:25:28.0203 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/05 12:25:29.0031 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/05 12:25:29.0859 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/05 12:25:30.0703 3076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/05 12:25:31.0578 3076 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/05 12:25:32.0421 3076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/05 12:25:33.0375 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/05 12:25:34.0296 3076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/05 12:25:35.0296 3076 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/05 12:25:36.0562 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/05 12:25:37.0750 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/05 12:25:38.0984 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/05 12:25:40.0421 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/05 12:25:41.0890 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/05 12:25:43.0562 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/05 12:25:45.0406 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/05 12:25:46.0718 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/05 12:25:49.0203 3076 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/05 12:25:50.0890 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/05 12:25:51.0546 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/05 12:25:52.0234 3076 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/05 12:25:53.0156 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/05 12:25:54.0109 3076 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/05 12:25:55.0187 3076 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/03/05 12:25:55.0734 3076 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/05 12:25:56.0750 3076 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/05 12:25:57.0359 3076 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/05 12:26:00.0609 3076 pepifilter (2a3efd6c3f116675d149da5e36a010a4) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/03/05 12:26:02.0546 3076 PID_08A0 (cebefeae6156f4fee41f56be89ea9c96) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/03/05 12:26:03.0218 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/05 12:26:03.0765 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/05 12:26:04.0406 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/05 12:26:04.0968 3076 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/05 12:26:05.0796 3076 QCMerced (a5d52c11eff8b133432d98b2c2a4aee6) C:\WINDOWS\system32\DRIVERS\LVCM.sys
2011/03/05 12:26:09.0625 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/05 12:26:10.0250 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/05 12:26:10.0921 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/05 12:26:11.0437 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/05 12:26:12.0031 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/05 12:26:12.0578 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/05 12:26:13.0125 3076 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/05 12:26:13.0687 3076 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/05 12:26:14.0250 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/05 12:26:15.0078 3076 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/03/05 12:26:15.0593 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/05 12:26:16.0125 3076 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/05 12:26:16.0687 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/05 12:26:17.0671 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/05 12:26:18.0250 3076 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/03/05 12:26:18.0765 3076 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/03/05 12:26:19.0890 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/05 12:26:20.0765 3076 sptd (ef4e4e1775db542c767dd0c7b46db926) C:\WINDOWS\System32\Drivers\sptd.sys
2011/03/05 12:26:21.0437 3076 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/05 12:26:22.0093 3076 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/05 12:26:22.0703 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/05 12:26:23.0187 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/05 12:26:23.0718 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/05 12:26:25.0875 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/05 12:26:26.0500 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/05 12:26:26.0968 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/05 12:26:27.0468 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/05 12:26:28.0015 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/05 12:26:29.0000 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/05 12:26:30.0234 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/05 12:26:30.0890 3076 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/05 12:26:31.0484 3076 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/03/05 12:26:32.0000 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/05 12:26:32.0484 3076 usbcm (a31c1f4b2448eeeff7c0d4e4d58bd9b3) C:\WINDOWS\system32\DRIVERS\usbcm.sys
2011/03/05 12:26:33.0000 3076 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/05 12:26:33.0500 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/05 12:26:34.0015 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/05 12:26:34.0546 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/05 12:26:35.0093 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/05 12:26:35.0593 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/05 12:26:36.0109 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/05 12:26:37.0046 3076 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/05 12:26:37.0546 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/05 12:26:38.0250 3076 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/05 12:26:39.0187 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/05 12:26:39.0968 3076 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/05 12:26:40.0468 3076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/05 12:26:41.0000 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/05 12:26:41.0531 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/05 12:26:42.0078 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/05 12:26:42.0609 3076 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/03/05 12:26:44.0515 3076 ================================================================================
2011/03/05 12:26:44.0515 3076 Scan finished
2011/03/05 12:26:44.0515 3076 ================================================================================
chuckles3 is offline  
 

Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts