GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-06 18:32:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 TOSHIBA_ rev.GJ00 298.09GB Running: ui0okhez.exe; Driver: C:\Users\MILENK~1\AppData\Local\Temp\aglyiuog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!XLATEOBJ_iXlate + 638 fffff9600012b422 6 bytes {JMP QWORD [RIP+0x10dbc0]} .text C:\Windows\System32\win32k.sys!EngSetLastError + 616 fffff96000144d04 8 bytes [10, AC, 24, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173f00 7 bytes [40, 9D, F3, FF, 01, AB, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000173f08 3 bytes [C0, 06, 02] .text ... * 113 .text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432 fffff9600022baf8 8 bytes [14, 59, 36, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!CLIPOBJ_bEnum + 740 fffff9600022bfc8 8 bytes [34, 5A, 36, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76 fffff9600022c658 8 bytes [48, 5B, 36, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 440 fffff96000232b78 6 bytes {JMP QWORD [RIP-0x4546]} .text C:\Windows\System32\win32k.sys!EngCTGetCurrentGamma + 28 fffff96000238fe8 8 bytes [D0, 5E, 36, 04, 80, F8, FF, ...] .text C:\Windows\System32\win32k.sys!EngSetEvent + 16 fffff9600023d1b8 8 bytes [64, 62, 36, 04, 80, F8, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\services.exe[668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\winlogon.exe[736] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[848] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\atiesrxx.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\System32\svchost.exe[528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1208] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe[1832] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files (x86)\Disk Speedup\DSUDefragSrv64.exe[1992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\dmwu.exe[956] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[1752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2088] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe[2156] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[2240] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Windows\system32\svchost.exe[2600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2720] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3040] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe[4012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[1084] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe[3448] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3432] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[4828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] .text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[3668] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[4132] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007759eecd 1 byte [62] .text C:\Users\milenka21\Downloads\ui0okhez.exe[1780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000758ca2ba 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\taskhost.exe [1752:1920] 000007fef9a01f38 Thread C:\Windows\system32\taskhost.exe [1752:2124] 000007fefa301010 Thread C:\Windows\system32\taskhost.exe [1752:2540] 000007fef8cc5170 Thread C:\Windows\system32\svchost.exe [2628:3788] 000007fef88344e0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 4 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@DisplayName avast! TDI Firewall driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Description avast! TDI Firewall driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW@Tag 13 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswFW Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 12 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ImagePath "C:\Program Files\AVAST Software\Avast\afwServ.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@DisplayName avast! Firewall Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall@Description Implements main functionality for avast! Firewall Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Firewall Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 4 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFW@DisplayName avast! TDI Firewall driver Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswFW@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Description avast! TDI Firewall driver Reg HKLM\SYSTEM\ControlSet002\services\aswFW@Tag 13 Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswFW\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 12 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ImagePath "C:\Program Files\AVAST Software\Avast\afwServ.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@DisplayName avast! Firewall Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Firewall@Description Implements main functionality for avast! Firewall ---- EOF - GMER 2.1 ----