rndom srch engine results redirect & IE usually doesn't work


Post by C-Royd » January 21st, 2011, 10:34 pm

Hi. I guess I'll do it in point form:
-search engine results get redirected to xxx://www.yafraudcheckonline.com but last month, it was redirecting to xxx://www.croozybannir.com and about 5 weeks before that, it was redirecting to xxx://www.cr0zybaner.com
-when I launch Internet Explorer, it'll work for about 5 seconds and then it'll freeze. I have to end the process using Task Manager. I also notice that Task Manager will show about 3 iexplore.exe processes running

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:36 PM, on 1/21/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Novatel Wireless\Mobilink\Lite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\mIRC\mirc.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe" -minimize
O4 - HKCU\..\Run: [Google Update] "C:\Users\amog\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IPhoneFileExplorer] C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1795858736-4127996407-118159487-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1795858736-4127996407-118159487-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/device ... Loader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7823 bytes
Last edited by Cypher on January 22nd, 2011, 7:24 am, edited 1 time in total.
Reason: Killed bad links
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Post by Cypher » January 22nd, 2011, 7:35 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
Backup your data - Vista
Backup your data - Windows 7



Please do not post links to sites you are being redirected to, others could get infected by clicking on them.

Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 22nd, 2011, 3:21 pm

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone
BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone
BlackBerry JDE 5.0.0
BlackBerry Smartphone Simulators 6.0.0.141 (9800)
BlackBerry v4.2.1 for the 8700 Series Wireless Handheld
Bonjour
DolbyFiles
FileZilla Client 3.3.2.1
FlashFXP v3
FlashGet 1.9.2.1028
Full Tilt Poker
GGPO
Google Talk Plugin
HiJackThis
Holdem Manager
Impatica viaDock 1.1.5
iPhone FileExplorer
iTunes
Java(TM) 6 Update 20
Kaptain Brawe A Brawe New World Episode 1
Launchy 2.1.2
Livestream Procaster
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mobilink Lite
Mozilla Firefox (3.6.8)
Nero 9
Nero 9.4.13.2c
Nero ControlCenter
Nero Installer
NeroBurningROM
OpenOffice.org 3.2
PokerStars
PostgreSQL 8.4
QuickPar 0.9
QuickTime
Rogers Web Conferencing
SUPERAntiSpyware Professional
SWF to AVI 1.7
Synaptics Pointing Device Driver
Trillian
Ventrilo Client
Videora iPhone Converter 5.04
VLC media player 1.0.5
Warcraft III
WC3Banlist
WinPcap 4.1 beta5
WinRAR archiver
Yahoo! Messenger

Re: rndom srch engine results redirect & IE usually doesn't

Post by Cypher » January 22nd, 2011, 3:44 pm

Hi C-Royd.

Windows 7 Advice:
  • All applications I ask you to use will need to be run in Administrator mode, i.e. right click on it and select Run as Administrator.
  • Your operating system comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.


No anti-virus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.


Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Please download DeFogger to your desktop.

Right click DeFogger and select "Run as administrator" to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Next.

Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.



Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Gmer.txt
  • Please give me an update on your computer's performance.

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 4:51 pm

I ran a scan with Avast and it found a rootkit. I restarted so that Avast could scan prior to Windows booting. It says it found the files, which I deleted. Upon booting into Windows, I got a BSOD. After rebooting, I got into Windows and Avast informed me that it again found a rootkit and also a heuristic virus. I restarted to let it perform another scan. This time it found no problems. I booted into Windows, got another BSOD, rebooted, got in no problem. Tested google.com and clicked on some links. Still getting randomly redirected to yafraudcheckonline =(

Updated Malwarebytes Anti-Malware and performed a scan.

MALWARE BYTES LOG:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5581

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/23/2011 3:47:15 PM
mbam-log-2011-01-23 (15-47-15).txt

Scan type: Quick scan
Objects scanned: 163400
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 4:51 pm

RSIT INFO.LOG File


info.txt logfile of random's system information tool 1.08 2011-01-23 15:43:05

======Uninstall list======

-->"C:\STUFF\DOWNLOADS\HitmanPro35.exe" /uninstall
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BlackBerry Desktop Software 6.0-->MsiExec.exe /i{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}
BlackBerry Desktop Software 6.0-->MsiExec.exe /I{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}
BlackBerry Device Software Updater-->MsiExec.exe /X{23C12370-3A82-4558-B727-F345B473AD87}
BlackBerry Device Software v5.0.0 for the BlackBerry 9000 smartphone-->MsiExec.exe /X{F629E6C1-EFD0-40D1-A3A9-06AEF4D08011}
BlackBerry Device Software v5.0.0 for the BlackBerry 9700 smartphone-->MsiExec.exe /X{71420ED7-8DB9-46E6-988A-72794D954F59}
BlackBerry JDE 5.0.0-->MsiExec.exe /X{D0ECDCCD-F0BF-4D9D-AF06-03471A76BA9D}
BlackBerry Smartphone Simulators 6.0.0.141 (9800)-->MsiExec.exe /X{0228A45C-2BC7-48E7-BACB-9D322F92C3B3}
BlackBerry v4.2.1 for the 8700 Series Wireless Handheld-->MsiExec.exe /X{D10619EA-8F56-445F-AA98-6EF208E4864F}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet 1.9.2.1028-->C:\Program Files\FlashGet\uninst.exe
Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
GGPO-->MsiExec.exe /X{68BD9036-0952-4849-AE7A-963BB53EDB71}
Google Talk Plugin-->MsiExec.exe /I{37C5A56A-00EA-347B-B7A1-5628BED56702}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Holdem Manager-->"C:\Program Files\RVG Software\Holdem Manager\UninstallHoldemManager.exe"
Impatica viaDock 1.1.5-->C:\Program Files\Impatica viaDock\uninstall.exe
iPhone FileExplorer-->MsiExec.exe /I{CD04D99E-3D49-4252-823B-45AB37A9E3BC}
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Kaptain Brawe A Brawe New World Episode 1-->"C:\Program Files\Kaptain Brawe A Brawe New World Episode 1\uninstall.exe" "/U:C:\Program Files\Kaptain Brawe A Brawe New World Episode 1\Uninstall\uninstall.xml"
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Livestream Procaster-->MsiExec.exe /I{531447F3-0BEB-408C-818F-AE0F31144C62}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mobilink Lite-->MsiExec.exe /I{28938B7C-B11B-49BD-84E4-44C8416D4C07}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 9.4.13.2c-->C:\Program Files\Nero\Nero 9\Nero Burning ROM\Uninstall.exe
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-84AE-TC7E-7Z85-6P7E-0P96-TUHX-1WEK"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PostgreSQL 8.4-->C:\Program Files\PostgreSQL\8.4\uninstall-postgresql.exe
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Rogers Web Conferencing-->"C:\Program Files\InstallShield Installation Information\{D81CD572-D535-43E1-8AAB-00F089FBFC21}\setup.exe" -runfromtemp -l0x0009 -removeonly
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWF to AVI 1.7-->"C:\Program Files\SWF to AVI\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPhone Converter 5.04-->C:\Program Files\Video Converter App\uninstaller.exe
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III (2)\Uninstall.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.8minutedating.com
127.0.0.1 whysohardx.com
127.0.0.1 protectyourpc-11.com
127.0.0.1 checkserverstatux.com
127.0.0.1 xinmin.cn
127.0.0.1 xy95.cn
127.0.0.1 koralda.com
127.0.0.1 weirden.com
127.0.0.1 nanocloudcontroller.com
127.0.0.1 coo0lnet.net

======System event log======

Computer Name: amogcomp
Event Code: 41
Message: The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Record Number: 773
Source Name: Microsoft-Windows-Kernel-Power
Time Written: 20100314074854.401243-000
Event Type: Critical
User: NT AUTHORITY\SYSTEM

Computer Name: amogcomp
Event Code: 6008
Message: The previous system shutdown at 1:16:25 AM on 3/14/2010 was unexpected.
Record Number: 769
Source Name: EventLog
Time Written: 20100314074916.000000-000
Event Type: Error
User:

Computer Name: amogcomp
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 745
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100314052944.504087-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: amogcomp
Event Code: 1014
Message: Name resolution for the name www.dignow.org timed out after none of the configured DNS servers responded.
Record Number: 704
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100314033617.759782-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: amogcomp
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 539
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100314011815.576911-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: amogcomp
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 446
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100317174500.105987-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: amogcomp
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 435
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100317064339.687054-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: amogcomp
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 434
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100317064339.687054-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: amogcomp
Event Code: 3036
Message: The content source <csc://{S-1-5-21-1795858736-4127996407-118159487-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)

Record Number: 432
Source Name: Microsoft-Windows-Search
Time Written: 20100317063943.000000-000
Event Type: Warning
User:

Computer Name: amogcomp
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 154
Source Name: Microsoft-Windows-Search
Time Written: 20100314011642.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100314035446.222928-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100314035446.222928-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x2faf0
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100314035445.567727-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100314035442.213721-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100314035442.073320-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 4:52 pm

RSIT LOG FILE:


Logfile of random's system information tool 1.08 (written by random/random)
Run by amog at 2011-01-23 15:42:38
Microsoft Windows 7 Ultimate
System drive C: has 10 GB (4%) free of 292 GB
Total RAM: 2814 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:43:02 PM, on 1/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Novatel Wireless\Mobilink\Lite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\mIRC\mirc.exe
C:\STUFF\DOWNLOADS\RSIT.exe
C:\Program Files\trend micro\amog.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe" -minimize
O4 - HKCU\..\Run: [Google Update] "C:\Users\amog\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobiLink Lite] C:\Program Files\Novatel Wireless\MobiLink\Lite.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IPhoneFileExplorer] C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1795858736-4127996407-118159487-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-1795858736-4127996407-118159487-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/device ... Loader.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7373 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1795858736-4127996407-118159487-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1795858736-4127996407-118159487-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-28 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Flashget"=C:\Program Files\FlashGet\flashget.exe [2007-08-02 1994800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-28 1557800]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"FlashGet 3"=C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe -minimize []
"Google Update"=C:\Users\amog\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-03 136176]
"MobiLink Lite"=C:\Program Files\Novatel Wireless\MobiLink\Lite.exe [2008-02-20 409672]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []
"IPhoneFileExplorer"=C:\Program Files\1am Studios\iPhone FileExplorer\IPhoneFileExplorer.exe [2010-04-08 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\amog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-01-23 15:42:37 ----D---- C:\rsit
2011-01-22 23:34:33 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-01-22 23:34:33 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-01-22 23:34:31 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-01-22 23:34:31 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-01-22 23:34:26 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-01-22 23:33:10 ----A---- C:\Windows\system32\aswBoot.exe
2011-01-22 23:33:08 ----D---- C:\ProgramData\Alwil Software
2011-01-22 23:33:08 ----D---- C:\Program Files\Alwil Software
2011-01-14 00:45:02 ----D---- C:\Program Files\Trend Micro
2011-01-10 15:43:39 ----D---- C:\ProgramData\Cateia Games

======List of files/folders modified in the last 1 months======

2011-01-23 15:42:57 ----D---- C:\Users\amog\AppData\Roaming\mIRC
2011-01-23 15:42:55 ----D---- C:\Windows\Prefetch
2011-01-23 15:42:38 ----D---- C:\Program Files\mIRC
2011-01-23 15:42:08 ----D---- C:\Windows\Temp
2011-01-23 15:32:56 ----D---- C:\Windows\System32
2011-01-23 15:32:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-23 15:27:53 ----D---- C:\Windows
2011-01-23 15:26:39 ----D---- C:\Windows\Minidump
2011-01-22 23:34:33 ----D---- C:\Windows\system32\drivers
2011-01-22 23:34:25 ----SHD---- C:\Windows\Installer
2011-01-22 23:34:25 ----SHD---- C:\Config.Msi
2011-01-22 23:33:51 ----D---- C:\Windows\system32\config
2011-01-22 23:33:08 ----RD---- C:\Program Files
2011-01-22 23:33:08 ----HD---- C:\ProgramData
2011-01-22 23:33:02 ----SHD---- C:\System Volume Information
2011-01-22 16:10:50 ----D---- C:\Users\amog\AppData\Roaming\vlc
2011-01-17 22:53:51 ----D---- C:\Users\amog\AppData\Roaming\Mozilla
2011-01-14 01:41:08 ----D---- C:\Program Files\Mozilla Firefox
2011-01-11 02:46:50 ----D---- C:\Windows\inf
2011-01-11 02:45:39 ----D---- C:\Windows\system32\catroot
2011-01-11 02:45:37 ----D---- C:\Windows\system32\DriverStore
2011-01-08 12:47:16 ----D---- C:\Users\amog\AppData\Roaming\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 4194816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-12-20 20952]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-13 8192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-13 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-08-28 228784]
R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-13 53312]
S3 artd24ik;artd24ik; C:\Windows\system32\drivers\artd24ik.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2007-10-12 99200]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2007-10-12 99200]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 133120]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 WINIO;WINIO; \??\C:\Users\amog\AppData\Local\Temp\Rar$EX04.799\Car radio code calculator v1.1\Car radio code calculator\winio.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]

-----------------EOF-----------------

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 6:04 pm

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-23 16:56:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 Hitachi_HTS543232L9A300 rev.FB4OC40F
Running: kbyonxdu.exe; Driver: C:\Users\amog\AppData\Local\Temp\pxtyrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9083A728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9083A7D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9083A870]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9084E82E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9084E652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9084E78C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83243579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83267F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 8326F73C 4 Bytes [28, A7, 83, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 8326F8FC 4 Bytes [D8, A7, 83, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 54C 8326FA4C 4 Bytes [70, A8, 83, 90]
PAGE ntkrnlpa.exe!ZwLoadDriver 833A1279 7 Bytes JMP 9084E790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83408F59 5 Bytes JMP 9084A1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83422C5F 5 Bytes JMP 9084BCA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 83430CE3 7 Bytes JMP 9084E656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 834DAE52 7 Bytes JMP 9084E832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9123B000, 0x227A14, 0xE8000020]
.text peauth.sys B0613C9D 28 Bytes JMP 67E1FADD
.text peauth.sys B0613CC1 28 Bytes JMP 67E1FADD

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[440] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wininit.exe[440] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\services.exe[488] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\lsass.exe[504] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2064] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2084] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2124] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe[2316] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\System32\svchost.exe[2328] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe[2388] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[2452] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\wbem\wmiprvse.exe[2712] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2764] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC58EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC597D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC5B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + 6 76EC5A86

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 6:05 pm

(CONTINUED)

4 Bytes [28, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2948] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC68EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC697D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC6B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + 6 76EC5A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2956] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC58EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC597D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC5B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + 6 76EC5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2968] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC58EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC597D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC5B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 76EC5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\STUFF\DOWNLOADS\kbyonxdu.exe[3112] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3212] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\conhost.exe[3248] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC68EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC697D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC6B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + 6 76EC5A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3492] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3500] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3508] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PostgreSQL\8.4\bin\postgres.exe[3516] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3556] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + 6 76EC4A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtCreateFile + B 76EC4A1B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + 6 76EC5076 1 Byte [28]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + 6 76EC5076 4 Bytes [28, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtMapViewOfSection + B 76EC507B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + 6 76EC5126 4 Bytes [68, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenFile + B 76EC512B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + 6 76EC51D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcess + B 76EC51DB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessToken + 6 76EC51E6 4 Bytes CALL 75EC58EC
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessToken + B 76EC51EB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + 6 76EC51F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenProcessTokenEx + B 76EC51FB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + 6 76EC5256 4 Bytes [68, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThread + B 76EC525B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + 6 76EC5266 4 Bytes [68, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadToken + B 76EC526B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadTokenEx + 6 76EC5276 4 Bytes CALL 75EC597D
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtOpenThreadTokenEx + B 76EC527B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + 6 76EC5386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryAttributesFile + B 76EC538B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryFullAttributesFile + 6 76EC5436 4 Bytes CALL 75EC5B3B
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtQueryFullAttributesFile + B 76EC543B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + 6 76EC5A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationFile + B 76EC5A8B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + 6 76EC5AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtSetInformationThread + B 76EC5AEB 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 1 Byte [68]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + 6 76EC5E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!NtUnmapViewOfSection + B 76EC5E0B 1 Byte [E2]
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Users\amog\AppData\Local\Google\Chrome\Application\chrome.exe[3564] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\SearchIndexer.exe[3596] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3672] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\iPod\bin\iPodService.exe[3748] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\mIRC\mirc.exe[3832] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] ntdll.dll!LdrUnloadDll 76EDBE7F 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!UnhookWindowsHookEx 75B3CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!UnhookWinEvent 75B3D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!SetWindowsHookExW 75B4210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!SetWindowsHookExA 75B66DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort6 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort7 86846292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T0L0-7 86846292

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskHitachi_HTS543232L9A300_________________FB4OC40F#5&32171732&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:2468] B06FAF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x13 0xE5 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0x0A 0x5D 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0xBA 0xE9 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x13 0xE5 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0x0A 0x5D 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x93 0xBA 0xE9 0x0E ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Users\amog\AppData\Roaming\FlashGet\DataBase\MFC9B5B.tmp 0 bytes

---- EOF - GMER 1.0.15 ----
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 23rd, 2011, 6:08 pm

I hope this information helps you in the investigation. I have tested Google.com and have confirmed that random search results will result in the redirect. It should also be noted that I get a BSOD randomly even prior to coming here for help. These BSOD would occur randomly while I am performing tasks on the computer. They never happened upon booting the computer. Avast might be causing it.
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Post by Cypher » January 24th, 2011, 7:08 am

Hi C-Royd.
Unfortunately you have an infected (MBR) Master Boot Record.
The (Master Boot Record) tells your computer what to do when it starts up. Without that information, the computer won't start.
We can try to fix the MBR but it is not without risk. It's quite possible that your computer may not start up if something goes wrong.
If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you first to ensure you have backed up any important data.

Let me know what you would like to do and if you have any questions.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 24th, 2011, 12:16 pm

Cypher wrote: Hi C-Royd.
Unfortunately you have an infected (MBR) Master Boot Record.
The (Master Boot Record) tells your computer what to do when it starts up. Without that information, the computer won't start.
We can try to fix the MBR but it is not without risk. It's quite possible that your computer may not start up if something goes wrong.
If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you first to ensure you have backed up any important data.

Let me know what you would like to do and if you have any questions.


Thanks for your help. Would you mind identifying which parts of the logs I posted indicate that my MBR is infected? Also, would you also provide what it is infected with? And if we can't fix the issue and the computer "may not start up", would it be able to be booted at all to the point where I can reformat and install Windows? Thanks.
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Post by Cypher » January 24th, 2011, 12:26 pm

Hi C-Royd.
C-Royd wrote: Thanks for your help.

You're welcome.

C-Royd wrote: Would you mind identifying which parts of the logs I posted indicate that my MBR is infected?

The GMER scan identified the infection; this would explain why your searches are being redirected.
As I explained, your MBR is infected.
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!

C-Royd wrote: And if we can't fix the issue and the computer "may not start up", would it be able to be booted at all to the point where I can reformat and install Windows?

Question: do you have the Windows 7 disc that came with your PC or did it come pre-installed?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
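
The reply above singles out one disk-sector line among many hook entries in the posted GMER log. As an added example (not part of the original thread and not a GMER feature), the Python below separates inline hooks whose jump target the log attributes to a named module from the disk-sector findings; the sample lines are constructed from lines in the posted log, and `triage` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the shape of the GMER 1.0.15 log posted in this thread.
SAMPLE = r"""
.text C:\Program Files\mIRC\mirc.exe[3832] ntdll.dll!LdrLoadDll 76EDF585 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Windows\system32\svchost.exe[3900] USER32.dll!SetWinEventHook 75B4507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
"""

# ".text <process>[pid] <dll>!<api> <addr> <n> Bytes JMP <target> [<module path> (<owner label>)]"
HOOK = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+\S+\s+\d+ Bytes\s+JMP\s+\S+"
                  r"(?:\s+(?P<module>.+?)\s+\((?P<owner>[^)]*)\))?\s*$")
# "Disk <device> sector NN [(MBR)]: <verdict>" or "Disk <device> sectors NNN (+255): <verdict>"
DISK = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sectors?\s+(?P<sector>\d+)(?:\s+\(\+\d+\))?"
                  r"(?P<mbr>\s+\(MBR\))?:\s*(?P<verdict>.*)$")


def triage(log):
    """Return (hooks, findings): hook counts per owner label, and lines that need review."""
    hooks, findings = Counter(), []
    for line in (raw.strip() for raw in log.splitlines()):
        if m := HOOK.match(line):
            if m["module"]:
                # The jump lands in a module the log names. The label is only a
                # triage aid (assumption of this example), not proof the file is clean.
                hooks[m["owner"]] += 1
            else:
                findings.append(("unattributed-hook", m["api"], m["proc"]))
        elif m := DISK.match(line):
            if "rootkit" in m["verdict"].lower():
                kind = "mbr" if m["mbr"] else "disk-sector"
                findings.append((kind, int(m["sector"]), m["verdict"].strip()))
    # Boot-sector findings first: this is the line the helper pointed to.
    findings.sort(key=lambda f: f[0] != "mbr")
    return hooks, findings


if __name__ == "__main__":
    hooks, findings = triage(SAMPLE)
    print(dict(hooks))
    for finding in findings:
        print(finding)
```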

Re: rndom srch engine results redirect & IE usually doesn't

Post by C-Royd » January 24th, 2011, 1:53 pm

Cypher wrote: Hi C-Royd.
C-Royd wrote: Thanks for your help.

You're welcome.

C-Royd wrote: Would you mind identifying which parts of the logs I posted indicate that my MBR is infected?

The GMER scan identified the infection; this would explain why your searches are being redirected.
As I explained, your MBR is infected.
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!

C-Royd wrote: And if we can't fix the issue and the computer "may not start up", would it be able to be booted at all to the point where I can reformat and install Windows?

Question: do you have the Windows 7 disc that came with your PC or did it come pre-installed?


I have a Windows 7 disc but it did not come with the laptop. It was purchased from a vendor.
C-Royd
Regular Member
 
Posts: 20
Joined: January 21st, 2011, 10:29 pm

Re: rndom srch engine results redirect & IE usually doesn't

Post by Cypher » January 24th, 2011, 2:35 pm

C-Royd wrote: I have a Windows 7 disc but it did not come with the laptop. It was purchased from a vendor.

Can you tell me what make your PC is and does it have a Recovery Environment?
Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
Do you have an option that says Repair your computer?
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns