
Solved Blue screen virus

Discussion in 'Malware and Virus Removal Archive' started by rpicon, 2012/02/06.

  1. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    [Resolved] Blue screen virus

    For the last few days I've been getting the "Blue Screen". Turn off PC and restart. Usually after 2 hours or so the blue screen pops up and I have to start all over.

    I updated and ran Malwarebytes Anti-Malware and nothing was found.
    I ran GMER and DDS, but couldn't run aswMBR. I have aswMBR saved on my desktop, but every time I would click to open it the dreaded blue screen would pop up and shut me down. I tried while in "Safe Mode" but the same thing happened.

    I need your expertise to help me find the problem.

    Here are my reports:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.03.08

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.18702
    rpicon :: GLB-RPICON-02 [limited]

    2012-02-03 12:54
    mbam-log-2012-02-03 (12-54-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 234844
    Time elapsed: 9 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Blue screen virus

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-06 11:54:57
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 rev.
    Running: hic3f4fy.exe; Driver: C:\DOCUME~1\RICKPI~1\LOCALS~1\Temp\kxtcrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAF06E728]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAF0757EA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAF0756A2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAF075CA8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAF075BBE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAF075276]
    SSDT sptd.sys ZwEnumerateKey [0xB9EDBD48]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9EDC0C0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAF06E7D8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAF07577E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAF0751B2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAF075218]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAF06E870]
    SSDT sptd.sys ZwQueryKey [0xB9EDC18A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAF0758C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAF075D76]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAF075880]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAF075A04]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAF08282E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAF082652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAF08278C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2BF8 80503AD4 4 Bytes JMP C4AF0757
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DB8 80503C94 4 Bytes [70, E8, 06, AF] {JO 0xffffffffffffffea; PUSH ES; SCASD }
    PAGE ntkrnlpa.exe!ZwLoadDriver 80582F22 7 Bytes JMP AF082790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805A9FE4 7 Bytes JMP AF082656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BB0D0 5 Bytes JMP AF07E1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C1A06 5 Bytes JMP AF07FC88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CFBDA 7 Bytes JMP AF082832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD3197.SYS The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8AA8360, 0x1DE5ED, 0xE8000020]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B89B44D0 16 Bytes [C1, 0A, 03, CE, B7, CF, FA, ...]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B89B44E1 7 Bytes [30, 9B, B8, 32, D2, 9B, 73]
    .text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 19 B89B44E9 23 Bytes [FC, E4, 89, 99, B4, 30, 84, ...]
    ? C:\WINDOWS\System32\Drivers\vaxscsi.sys The process cannot access the file because it is being used by another process.
    init C:\Program Files\GameTap\bin\Release\X4HSX32.Sys entry point in "init" section [0xB80D2D80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\services.exe[864] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\lsass.exe[900] USER32.dll!UnhookWinEvent
     

  4. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    Blue screen virus

    .text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[924] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1216] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1256] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1296] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1384] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\nvsvc32.exe[1416] ADVAPI32.dll!DeleteService
     
  5. 2012/02/06
    rpicon

    Blue screen virus

    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\PSIA.exe[1460] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\taskmgr.exe[1476] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\svchost.exe[1512] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe[1876] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\spoolsv.exe[2020] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2168] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2660] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\QuickTime\qttask.exe[2768] ADVAPI32.dll!DeleteService
     
  6. 2012/02/06
    rpicon

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2796] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2832] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2928] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\System32\alg.exe[3076] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\MSN Messenger\msnmsgr.exe[3108] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3180] USER32.dll!MessageBoxIndirectW
     
  7. 2012/02/06
    rpicon

    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3328] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[3472] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe[3636] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3660] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[3840] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 77E36BE1 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 77E36F61 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 77E36FE9 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] USER32.dll!SetWinEventHook 7E4317B7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\WINDOWS\system32\wuauclt.exe[4040] USER32.dll!UnhookWinEvent 7E43186C 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Desktop\hic3f4fy.exe[4076] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
    .text C:\Documents and Settings\Rick Picon\Desktop\hic3f4fy.exe[4076] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED7A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED7B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED7AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED86CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED85A2] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 006D0002
    IAT C:\WINDOWS\system32\services.exe[864] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 006D0000
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3084] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[4016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----
     
  8. 2012/02/06
    rpicon

    aswMBR report:

    Unable to run. Blue Screen in every attempt
     
  9. 2012/02/06
    rpicon

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by rpicon at 12:06:18 on 2012-02-06
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1433 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\savedump.exe
    "C:\WINDOWS\system32\svchost.exe "
    "C:\WINDOWS\system32\svchost.exe "
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\program files\airset\airset.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [CompanionLink] "c:\program files\airset\airset.exe" -Icon
    uRun: [Google Update] "c:\documents and settings\rick picon\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\docume~1\rickpi~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rick picon\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\salesf~1.lnk - c:\program files\salesforce.com\salesforce for outlook\SfdcMsOl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
    DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} - hxxp://www1.skillground.com/cab1831/SkillGround.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://www.advisorservices.com/content/advisor/files/UrlDownloader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249928285454
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260546108330
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    TCP: DhcpNameServer = 192.168.1.113
    TCP: Interfaces\{849CB337-DE20-421B-AC9E-B4F750CB1F7B} : DhcpNameServer = 192.168.1.113
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\documents and settings\rick picon\application data\mozilla\firefox\profiles\cu58ft3k.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\documents and settings\rick picon\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - %profile%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    R2 APC Data Service;APC Data Service;c:\program files\apc\apc powerchute personal edition\dataserv.exe [2010-9-14 21880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-14 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-14 40384]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-4-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-27 47640]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-1-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-24 40776]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-2-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2012-02-06 16:52:53 -------- d-----w- c:\documents and settings\rick picon\application data\MSNInstaller
    2012-01-25 20:44:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2012-02-06 16:56:06 98304 ----a-w- c:\windows\DUMP4e4e.tmp
    2012-02-03 17:53:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe >>UNKNOWN [0x88AB6A2E]<<
    _asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x88ab9180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x88ab9178]; }
    1 ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\Harddisk0\DR0[0x89DDDAB8]
    \Driver\Disk[0x89D69A08] -> IRP_MJ_CREATE -> 0x89E4B708
    kernel: MBR read successfully
    _asm { XOR EAX, EAX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x89e4b708
    \Driver\iaStor DriverStartIo -> 0x88AB70AE
    \Driver\iaStor -> 0x88ab6f76
    IoDeviceObjectType -> ParseProcedure -> 0x88ab620e
    \Device\Harddisk0\DR0 -> ParseProcedure -> 0x88ab620e
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 12:07:12.20 ===============
     
  10. 2012/02/06
    rpicon

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2006-03-31 13:54:53
    System Uptime: 2012-02-06 12:03:28 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0YC523
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 109 GiB total, 34.11 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 6.035 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM ()
    G: is CDROM (CDFS)
    P: is NetworkDisk (NTFS) - 136 GiB total, 43.811 GiB free.
    T: is NetworkDisk (NTFS) - 136 GiB total, 43.811 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP751: 2011-12-05 13:35:27 - Removed Stamps.com Address Book Support for Microsoft Outlook 97-2007
    RP752: 2011-12-05 13:35:53 - Removed Stamps.com
    RP753: 2011-12-05 13:37:21 - Removed Dell Support 3.1
    RP754: 2011-12-05 13:38:42 - Removed QuickBooks
    RP755: 2011-12-05 13:42:37 - Removed NaviPlan Standard Offline
    RP756: 2011-12-05 13:50:12 - Removed Apple Software Update
    RP757: 2011-12-05 14:00:48 - Removed Avery Wizard 4.0.
    RP758: 2011-12-06 14:38:24 - System Checkpoint
    RP759: 2011-12-07 14:44:45 - System Checkpoint
    RP760: 2011-12-08 15:03:09 - System Checkpoint
    RP761: 2011-12-09 15:15:06 - System Checkpoint
    RP762: 2011-12-10 16:03:14 - System Checkpoint
    RP763: 2011-12-11 17:03:12 - System Checkpoint
    RP764: 2011-12-12 18:03:10 - System Checkpoint
    RP765: 2011-12-13 19:03:01 - System Checkpoint
    RP766: 2011-12-14 20:02:58 - System Checkpoint
    RP767: 2011-12-15 21:02:51 - System Checkpoint
    RP768: 2011-12-16 22:02:48 - System Checkpoint
    RP769: 2011-12-17 23:02:47 - System Checkpoint
    RP770: 2011-12-19 00:02:46 - System Checkpoint
    RP771: 2011-12-20 01:02:45 - System Checkpoint
    RP772: 2011-12-21 02:02:41 - System Checkpoint
    RP773: 2011-12-22 02:34:28 - System Checkpoint
    RP774: 2011-12-23 03:33:50 - System Checkpoint
    RP775: 2011-12-24 03:34:08 - System Checkpoint
    RP776: 2011-12-25 03:35:25 - System Checkpoint
    RP777: 2011-12-26 04:34:43 - System Checkpoint
    RP778: 2011-12-27 05:34:35 - System Checkpoint
    RP779: 2011-12-28 06:34:18 - System Checkpoint
    RP780: 2011-12-29 07:34:11 - System Checkpoint
    RP781: 2011-12-30 08:32:02 - System Checkpoint
    RP782: 2011-12-31 08:33:14 - System Checkpoint
    RP783: 2012-01-01 08:33:50 - System Checkpoint
    RP784: 2012-01-02 09:33:49 - System Checkpoint
    RP785: 2012-01-03 10:33:47 - System Checkpoint
    RP786: 2012-01-04 13:41:25 - System Checkpoint
    RP787: 2012-01-05 14:56:38 - System Checkpoint
    RP788: 2012-01-06 15:31:43 - System Checkpoint
    RP789: 2012-01-07 15:32:02 - System Checkpoint
    RP790: 2012-01-08 15:33:05 - System Checkpoint
    RP791: 2012-01-09 17:24:49 - System Checkpoint
    RP792: 2012-01-10 17:57:00 - System Checkpoint
    RP793: 2012-01-11 18:32:57 - System Checkpoint
    RP794: 2012-01-12 19:07:43 - System Checkpoint
    RP795: 2012-01-13 19:32:47 - System Checkpoint
    RP796: 2012-01-14 20:32:45 - System Checkpoint
    RP797: 2012-01-15 21:32:44 - System Checkpoint
    RP798: 2012-01-16 22:32:42 - System Checkpoint
    RP799: 2012-01-17 23:32:41 - System Checkpoint
    RP800: 2012-01-19 00:32:33 - System Checkpoint
    RP801: 2012-01-20 01:32:30 - System Checkpoint
    RP802: 2012-01-21 02:33:08 - System Checkpoint
    RP803: 2012-01-22 03:32:23 - System Checkpoint
    RP804: 2012-01-23 04:32:21 - System Checkpoint
    RP805: 2012-01-24 05:32:20 - System Checkpoint
    RP806: 2012-01-25 06:32:10 - System Checkpoint
    RP807: 2012-01-26 06:32:52 - System Checkpoint
    RP808: 2012-01-27 07:32:09 - System Checkpoint
    RP809: 2012-01-28 08:31:57 - System Checkpoint
    RP810: 2012-01-29 09:31:55 - System Checkpoint
    RP811: 2012-01-30 10:31:53 - System Checkpoint
    RP812: 2012-01-31 11:32:55 - System Checkpoint
    RP813: 2012-02-01 12:31:58 - System Checkpoint
    RP814: 2012-02-02 14:14:06 - System Checkpoint
    RP815: 2012-02-03 14:49:09 - System Checkpoint
    RP816: 2012-02-06 09:43:10 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Shockwave Player 11.6
    AIM Pro
    AirSet Desktop Sync
    AOL Uninstaller (Choose which Products to Remove)
    APC PowerChute Personal Edition 3.0
    avast! Free Antivirus
    Avery Wizard 4.0
    BearShare
    CCleaner
    Classic Menu for Office
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Digital Content Portal
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Dropbox
    ESET Online Scanner v3
    GameTap
    Google
    Google Calendar Sync
    Google Chrome
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 26
    KhalSetup
    Logitech SetPoint
    LogMeIn
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync 4.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Math Add-in for Word 2007
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.6.25)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB933579)
    Network Assistant
    NVIDIA Drivers
    Plaxo Toolbar for Windows
    PokerStars.net
    PortfolioCenter
    PortfolioCenter Management Console
    QBFC3.0
    Qualxserve Service Agreement
    QuickBooks Pro 2006
    QuickTime
    RealPlayer Basic
    Relationship Manager
    RetCalc 2.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RSSRadio
    Salesforce for Outlook
    Secunia PSI (2.0.0.3003)
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB896688)
    SkillGround Game Manager
    SUPERAntiSpyware Free Edition
    swMSM
    TD AMERITRADE Statements/Confirmations Manager
    Total Access Memo 2003 Runtime
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wvaiper
    UnHackMe 5.00 release
    Update for Outlook 2007 Junk Email Filter (KB934655)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VLC media player 1.0.2
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2012-02-06 12:05:46, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 88e922d1, parameter3 b982da58, parameter4 00000000.
    2012-02-06 12:02:33, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2012-02-06 11:08:55, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    2012-02-03 12:30:12, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    2012-02-03 10:57:12, error: System Error [1003] - Error code 00000006, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
    2012-02-02 17:54:00, error: sptd [4] - Driver detected an internal error in its data structures for .
    2012-02-02 17:39:52, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  11. 2012/02/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Leave aswMBR alone for now.

    Run this...

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ...and DDS logs.
     
  12. 2012/02/06
    rpicon

    Thank you

    Rick
     
  13. 2012/02/06
    broni

    Don't forget Attach.txt part of DDS.
     
  14. 2012/02/06
    rpicon

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
    ATA_Read(): DeviceIoControl() ERROR 87
    Boot sector MD5 is: d151c79dcec0bf1ec983bea63558a0ef

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  15. 2012/02/06
    rpicon

    here's the Attach.txt part of DDS:

     
  16. 2012/02/06
    broni

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  17. 2012/02/06
    rpicon

    Blue screen virus

    ListParts by Farbar
    Ran by rpicon on 06-02-2012 at 12:59:09
    Windows XP (X86)
    Running From: C:\Documents and Settings\Rick Picon\Desktop
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 31%
    Total physical RAM: 2046.08 MB
    Available physical RAM: 1404.46 MB
    Total Pagefile: 3937.59 MB
    Available Pagefile: 3459.72 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.34 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:108.59 GB) (Free:34.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
    2 Drive d: (Backup) (Fixed) (Total:36.96 GB) (Free:6.03 GB) NTFS
    5 Drive g: (ACROPRO80_EFG) (CDROM) (Total:0.9 GB) (Free:0 GB) CDFS
    6 Drive p: () (Network) (Total:136.02 GB) (Free:43.81 GB) NTFS
    7 Drive t: () (Network) (Total:136.02 GB) (Free:43.81 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 32 KB
    Partition 2 Primary 109 GB 39 MB
    Partition 3 Primary 37 GB 109 GB
    Partition 4 Unknown 3499 MB 146 GB

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 109 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D Backup NTFS Partition 37 GB Healthy

    Disk: 0
    Partition 4
    Type : DB
    Hidden: Yes
    Active: No
    There is no volume associated with this partition.


    ****** End Of Log ******
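
Added example (not part of the thread and not code from any tool named in it): a Python sketch of the sector-0 checks behind the logs above, namely the partition type, active flag and offset fields that ListParts prints, and the cross-view comparison behind the detector's "user != kernel MBR" verdict. It runs on a constructed 512-byte sector; the function names, the filler boot-code bytes and the partition sizes are assumptions, and only the C: offset 0x02738a00 and the type bytes DE/07/07/DB come from the posted output.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0, 446)      # boot code area of a classic MBR
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = slice(510, 512)     # must be 55 AA
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector):
    """Split one 512-byte dump of sector 0 into the fields the tools report."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    parts = []
    for i in range(4):
        off = PART_TABLE.start + i * ENTRY.size
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, off)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "status": status,
                      "active": status == 0x80, "type": "%02X" % ptype,
                      "lba_start": lba, "sectors": count,
                      "offset_bytes": lba * SECTOR})
    return {
        "signature_ok": sector[BOOT_SIG] == b"\x55\xaa",
        # MD5 of bytes 0..445 only; not claimed to match Bootkit Remover's hash
        "boot_code_md5": hashlib.md5(sector[BOOT_CODE]).hexdigest(),
        "partitions": parts,
    }


def sanity_findings(mbr):
    """Structural checks on a parsed MBR; an empty list means nothing odd."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 55AA boot signature")
    active = [p["index"] for p in mbr["partitions"] if p["active"]]
    if len(active) != 1:
        out.append("expected exactly one active partition, found %d" % len(active))
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            out.append("partition %d has invalid status byte 0x%02X"
                       % (p["index"], p["status"]))
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            out.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return out


def compare_views(user_view, kernel_view):
    """Name the sector-0 regions that differ between two reads of the same disk."""
    if len(user_view) != SECTOR or len(kernel_view) != SECTOR:
        raise ValueError("both views must be 512-byte sector dumps")
    regions = (("boot_code", BOOT_CODE), ("partition_table", PART_TABLE),
               ("boot_signature", BOOT_SIG))
    return [name for name, sl in regions if user_view[sl] != kernel_view[sl]]


def build_sample(boot_code=b"\x90" * 446):
    """Constructed sector 0 mirroring the ListParts layout (sizes approximate)."""
    layout = [  # (status, type, lba_start, sectors)
        (0x00, 0xDE, 63, 80262),             # 39 MB hidden OEM partition
        (0x80, 0x07, 80325, 227730000),      # C:, 80325 = 0x02738a00 / 512
        (0x00, 0x07, 227810325, 77510000),   # D: (Backup)
        (0x00, 0xDB, 305320325, 7166000),    # hidden 3499 MB partition
    ]
    table = b"".join(ENTRY.pack(s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in layout)
    return boot_code + table + b"\x55\xaa"


if __name__ == "__main__":
    kernel_view = build_sample()
    # Constructed stand-in for a user-mode read that returns different boot code
    user_view = build_sample(boot_code=b"\xcc" * 446)
    mbr = parse_mbr(kernel_view)
    for p in mbr["partitions"]:
        print("Partition %(index)d type %(type)s active=%(active)s "
              "offset=0x%(offset_bytes)010x" % p)
    print("findings:", sanity_findings(mbr) or "none")
    print("regions that differ between views:", compare_views(user_view, kernel_view))
```

When only the `boot_code` region differs and the partition table matches, the layout itself is consistent between the two reads, which fits the reply that the ListParts output looks normal.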
     
  18. 2012/02/06
    broni

    That looks normal.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    having issues running combofix. blue screen keeps showing
     
  20. 2012/02/06
    rpicon

    rpicon Inactive Thread Starter

    Joined:
    2006/12/29
    Messages:
    198
    Likes Received:
    0
    ok reinstalled combofix, renamed it and ran rkill

    here's the report:
    ComboFix 12-02-06.02 - rpicon 2012-02-06 13:57:19.15.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1407 [GMT -5:00]
    Running from: c:\documents and settings\Rick Picon\Desktop\rpicon.exe
    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\documents and settings\Rick Picon\Application Data\MSNInstaller
    2012-02-03 14:15 . 2012-02-03 14:15 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Yahoo
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2012-02-02 22:36 . 2012-02-02 22:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2012-01-25 20:44 . 2012-01-26 19:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-06 16:56 . 2006-03-07 12:51 98304 ----a-w- c:\windows\DUMP4e4e.tmp
    2011-12-10 20:24 . 2009-03-24 16:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-06_18.15.39 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-02-02 22:36 . 2012-02-06 18:08 16384 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
    + 2012-02-02 22:36 . 2012-02-06 18:56 16384 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
    + 2012-02-02 22:35 . 2012-02-06 18:56 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2012-02-02 22:35 . 2012-02-06 18:08 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-03-31 17:48 . 2012-02-06 18:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-03-31 17:48 . 2012-02-06 18:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-02 22:36 . 2012-02-06 18:56 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2012-02-02 22:36 . 2012-02-06 18:08 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2012-02-02 22:35 . 2012-02-06 18:56 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2012-02-02 22:35 . 2012-02-06 18:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F7F2714E-50F2-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:50 . 2012-02-06 18:56 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6A414448-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:20 . 2012-02-06 18:20 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3C548BC0-50EF-11E1-B767-0013720D9C8E}.dat
    + 2012-02-06 18:50 . 2012-02-06 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6A414449-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:56 . 2012-02-06 18:56 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{53556670-50F4-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:56 . 2012-02-06 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5355666F-50F4-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:56 . 2012-02-06 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4CF4D143-50F4-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:56 . 2012-02-06 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4CF4D142-50F4-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:56 . 2012-02-06 18:56 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4CF4D140-50F4-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:20 . 2012-02-06 18:20 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{43FF01D8-50EF-11E1-B767-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:48 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{132866AD-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{132866AC-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CE64D1C-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0CE64D1B-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00BDDA06-50F3-11E1-B768-0013720D9C8E}.dat
    + 2012-02-06 18:47 . 2012-02-06 18:47 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{00BDDA04-50F3-11E1-B768-0013720D9C8E}.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
    "AdobeUpdater "= "c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-06-11 2321600]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
    "CompanionLink "= "c:\program files\airset\airset.exe" [2007-12-05 11866112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5 "= "c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2005-07-09 7110656]
    "LogMeIn GUI "= "c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\documents and settings\Rick Picon\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    Salesforce for Outlook.lnk - c:\program files\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe [2011-7-29 468384]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-25 21:44 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-01 18:30 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
    backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
    backup=c:\windows\pss\Microsoft Office Groove.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Rick Picon^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2007-06-11 21:17 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    2005-09-08 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-03-07 13:15 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-06-21 02:36 1207080 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2005-06-17 13:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-05-10 13:48 94208 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 17:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-07-09 05:57 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2011-01-05 23:19 15752 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2011-01-05 23:19 813448 ----a-w- c:\documents and settings\Rick Picon\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-04-27 13:41 282624 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aolsoftware.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1144767884\\ee\\aim6.exe "=
    "c:\\Program Files\\Network Assistant\\Nassi.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\SPTServer.exe "=
    "c:\\Program Files\\Schwab Performance Technologies\\PortfolioCenter\\PortfolioCenter.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe "=
    "c:\\StubInstaller.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\Xolox\\mldonkey\\mlnet.exe "=
    "c:\\Program Files\\Xolox\\XoloxEXE.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\AIM\\AIM Pro\\aimpro.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP "= 135:TCP:DCOM
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009
    "3393:TCP "= 3393:TCP:RD-Rick
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-30 643072]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-02-14 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-06-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-06-23 74480]
    R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-14 21880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-02-14 17744]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-04-10 3712]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-06-27 12856]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011-04-19 993848]
    R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-01-30 223128]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-09-01 15544]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 13:00]
    .
    2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115Core.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500089258-3802542852-2463999137-1115UA.job
    - c:\documents and settings\Rick Picon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-24 14:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.113
    DPF: {25D9AA40-ED39-11D2-A038-009027078284} - hxxps://www.advisorservices.com/content/advisor/files/UrlDownloader.cab
    DPF: {FF0F7B6E-D733-11D7-8088-0001024743E4} - hxxps://vex.advisorservices.com/Views/VeoExpress/AdoView/Pages/veoExpress.CAB
    FF - ProfilePath - c:\documents and settings\Rick Picon\Application Data\Mozilla\Firefox\Profiles\cu58ft3k.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Default Full Zoom Level: {D9A7CBEC-DE1A-444f-A092-844461596C4D} - %profile%\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-06 14:03
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    c:\program files\Internet Explorer\iexplore.exe [3980] 0x884735D8
    c:\program files\Internet Explorer\iexplore.exe [3256] 0x88639480
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x89e4b4d0
    \Driver\iaStor DriverStartIo -> 0x88A1C0AE
    \Driver\iaStor -> 0x88a1bf76
    IoDeviceObjectType -> ParseProcedure -> 0x88a1b20e
    \Device\Harddisk0\DR0 -> ParseProcedure -> 0x88a1b20e
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,f0,e3,66,f2,f9,fc,49,b8,0d,68,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(812)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    - - - - - - - > 'explorer.exe'(752)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rick Picon\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-06 14:05:46
    ComboFix-quarantined-files.txt 2012-02-06 19:05
    ComboFix2.txt 2012-02-06 18:17
    .
    Pre-Run: 37,611,323,392 bytes free
    Post-Run: 37,630,971,904 bytes free
    .
    - - End Of File - - B48CD63519A7DB84F6F3BC2F2F0C5042
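
    An added example, not part of the original post and not ComboFix's own code: a Python triage pass over a ComboFix log like the one above. It collects the MBR detector's hook list and its `user != kernel MBR` verdict, and also flags a disabled firewall, extra BootExecute entries and drivers printed with `[?]`. The sample input is a few lines copied from that log; the function names, the `\0` separator handling and the reading of `[?]` as "file details unavailable" are assumptions based on how this log is printed.

```python
import re

# Constructed sample: a few lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
.
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2009-02-17 34760]
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile( "\\.\PHYSICALDRIVE0 "): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\Disk -> 0x89e4b4d0
\Driver\iaStor DriverStartIo -> 0x88A1C0AE
\Driver\iaStor -> 0x88a1bf76
IoDeviceObjectType -> ParseProcedure -> 0x88a1b20e
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x88a1b20e
user != kernel MBR !!!
.
**************************************************************************
"""

DEFAULT_BOOT_EXECUTE = "autocheck autochk *"  # stock Windows value
HOOK_RE = re.compile(r"^(.*\S)\s*->\s*(0x[0-9A-Fa-f]+)$")


def mbr_section(log):
    """Return the stripped lines of the MBR detector section ([] if absent)."""
    section, inside = [], False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("Stealth MBR rootkit"):
            inside = True
        elif inside and s.startswith("*****"):
            break  # the row of asterisks closes the section
        elif inside:
            section.append(s)
    return section


def triage(log):
    """Collect the lines an analyst would look at first in a ComboFix log."""
    found = {"mbr_mismatch": False, "mbr_read_errors": [], "hooks": [],
             "firewall_disabled": False, "boot_execute_extra": [],
             "unresolved_drivers": []}
    in_hooks = False
    for s in mbr_section(log):
        hook = HOOK_RE.match(s) if in_hooks else None
        if s.startswith("user != kernel MBR"):
            found["mbr_mismatch"] = True
            in_hooks = False
        elif s == "detected hooks:":
            in_hooks = True
        elif hook:
            # (hooked object or routine, address it now points to)
            found["hooks"].append((hook.group(1), int(hook.group(2), 16)))
        elif re.match(r"^(user|kernel): error", s):
            found["mbr_read_errors"].append(s)

    # Windows Firewall switched off in the standard profile.
    found["firewall_disabled"] = bool(
        re.search(r'"EnableFirewall\s*"\s*=\s*0\b', log))

    # Assumption: multi-string entries are printed separated by a literal \0.
    m = re.search(r"^[ \t]*BootExecute\s+REG_MULTI_SZ\s+(.*)$", log, re.M)
    if m:
        entries = [e.strip() for e in m.group(1).split("\\0")]
        found["boot_execute_extra"] = [
            e for e in entries if e and e != DEFAULT_BOOT_EXECUTE]

    # Assumption: "[?]" means ComboFix could not read the driver file details.
    found["unresolved_drivers"] = re.findall(
        r"^[ \t]*[RS]\d\s+([^;]+);.*\[\?\][ \t]*$", log, re.M)
    return found


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    None of these lines is a verdict on its own; they mark where a follow-up scan or a manual check of the named driver or service is worth the time.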
     
  21. 2012/02/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
