
Thread: Realtek Wave bar automatically moving down - think it's malware

  1. #1 Member (Join Date: Nov 2008, Posts: 41)

    Realtek Wave bar automatically moving down - think it's malware

    Hello, I think I have malware on my computer. Recently, I visited a website where my Avast told me it blocked a malicious file. I thought I had told it to delete the file, but I guess not. That's when I noticed the sound would cut off, and realized it was my Realtek Wave bar automatically shutting off. I think it is a malware virus, but my scans proved nothing. Maybe there is something you can see? If not, maybe I need to reload the drivers and it was just one big coincidence. Here are my logs. I followed what you asked. Please let me know if I am missing anything. Spybot did not find anything, and I think that's because I couldn't locate the place to turn off TeaTimer. I don't know what version I have, but it's the latest version. Maybe I will need your help on that as well! Thank you for your help!

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Michele at 17:51:37 on 2012-11-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.347 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
    C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: <No Name>: - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [EeeSplendidAgent] c:\program files\asus\epc\eeesplendid\AsAgent.exe
    mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\docume~1\michel~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbia.webex.com/client/WBXclient-T27L10NSP25EP11-14378/event/ieatgpc.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{7896FF03-9763-4ED2-BF51-E8095EF9E354} : DHCPNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\michele acampora\application data\mozilla\firefox\profiles\01tzrdl6.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-5-28 11448]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-25 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-13 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-13 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-13 44808]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-7 54752]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-28 38912]
    S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-7 1684736]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2010-1-7 39040]
    .
    =============== Created Last 30 ================
    .
    2012-11-14 18:25:33 -------- d-----w- c:\documents and settings\michele acampora\application data\webex
    .
    ==================== Find3M ====================
    .
    2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-10-09 02:47:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 02:47:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    .
    ============= FINISH: 17:53:44.71 ===============



    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-19 18:21:21
    -----------------------------
    18:21:21.546 OS Version: Windows 5.1.2600 Service Pack 3
    18:21:21.546 Number of processors: 2 586 0x1C02
    18:21:21.546 ComputerName: MICHELE UserName:
    18:21:23.203 Initialize success
    18:21:27.593 AVAST engine defs: 12111900
    18:21:29.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    18:21:29.937 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
    18:21:29.953 Disk 0 MBR read successfully
    18:21:29.953 Disk 0 MBR scan
    18:21:29.968 Disk 0 Windows XP default MBR code
    18:21:29.984 Disk 0 MBR hidden
    18:21:30.234 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 147581 MB offset 63
    18:21:30.296 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 5004 MB offset 302246910
    18:21:30.343 Disk 0 Partition 3 00 EF EFI FAT A1311 39 MB offset 312496380
    18:21:30.406 Disk 0 scanning sectors +312576705
    18:21:30.531 Disk 0 scanning C:\WINDOWS\system32\drivers
    18:21:50.593 Service scanning
    18:22:16.765 Modules scanning
    18:22:26.500 Disk 0 trace - called modules:
    18:22:26.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81e454b1]<<
    18:22:26.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b3a030]
    18:22:26.578 3 CLASSPNP.SYS[f7618fd7] -> nt!IofCallDriver -> \Device\00000065[0x86bc7158]
    18:22:26.593 5 ACPI.sys[f749f620] -> nt!IofCallDriver -> [0x86b76028]
    18:22:26.609 \Driver\iaStor[0x85d41da0] -> IRP_MJ_CREATE -> 0x81e454b1
    18:22:27.390 AVAST engine scan C:\WINDOWS
    18:22:34.156 AVAST engine scan C:\WINDOWS\system32
    18:25:52.046 AVAST engine scan C:\WINDOWS\system32\drivers
    18:26:08.296 AVAST engine scan C:\Documents and Settings\Michele Acampora
    18:26:27.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat"
    18:26:27.218 The log file has been saved successfully to "C:\Documents and Settings\Michele Acampora\Desktop\aswMBR.txt"

  2. #2 Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3 Member (Join Date: Nov 2008, Posts: 41)

    Thank you!

    Hello Jack&Jill,
    Thank you for responding. I appreciate that.

    I have new evidence of malware - my Avast anti-virus is blocking this website and a few other sites. I notice these problems happen when I am hooked up to the internet. When I was away for Thanksgiving Holiday, I had no service and the computer worked fine. The wave bar did not go down and I think it has to do with something in the SVCHost.exe file. This is what Avast tells me when the red pop-up tells me it was blocking a malicious site.

    Edit -disabled links

    Object: http://79.143.186.52/x/
    Infection: URL:MAL
    Process: C:\WINDOWS\system32\svchost.exe

    The Object can also be these two sites:
    http://novemberrainx.com
    http:://wewillrocknow.com/x/

    Hope this helps. I may have to do more logs for you. Once again, thank you so much for your help!!
    Last edited by tashi; 2012-11-26 at 04:17.

  4. #4 Security Expert- Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello Michelea1976,

    Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.

    If you are agreeable to the above, then everything should go smoothly. We may begin.

    --------------------

    Thanks for the new information. It will help narrow down the problem.

    Scan with RogueKiller
    • Please download RogueKiller© by Tigzy and save it to your desktop. Click here.
    • Click on the blue button with arrow pointing downwards to the right of Mirror:.
    • Allow the download if prompted by your security software and please close all your programs.
    • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
    • Wait for PreScan to finish, then click on Scan. Accept the EULA if prompted.
    • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
    • Please copy and paste the contents of that log in your next reply.


    --------------------

    Upload file(s) to VirusTotal (VT) for an online scan. Click here.
    • Click on the Browse button or the white box beside it. A File Upload prompt will open.
    • Copy and paste the following file and its path to upload:
      Code:
      C:\Documents and Settings\Michele Acampora\Desktop\MBR.dat
    • Press Open, then Send file. The file will be uploaded for testing.
    • If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
    • Please wait for all the scanners to finish, then copy the website address at the top of your browser and paste it in your reply.


    Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti or VirScan (VS) with similar steps.

    A result from either one of the above scanners would be sufficient.

    --------------------

    Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

    Please download GMER and save it to your desktop. Click here.
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running GMER. They may cause the computer to freeze.
    • If you need help to disable your protection programs see here and here.
    • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
    • In the right panel, you will see several boxes that have been checked (ticked).
      • Uncheck IAT/EAT
      • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
      • Uncheck Show All (don't miss this one)
    • Then click the Scan button and wait for it to finish.
    • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    • Re-enable your security software as soon as you have completed the GMER steps.
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


    If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

    --------------------

    Please post back:
    1. RogueKiller log
    2. VT result
    3. GMER log

  5. #5 Member (Join Date: Nov 2008, Posts: 41)

    Hello,
    I will always respond within 24 hours. I live on the East Coast of the USA and I work, so I will always respond ASAP. Here is the log for RogueKiller:


    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Michele Acampora [Admin rights]
    Mode : Scan -- Date : 11/26/2012 18:22:31

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] RTHDCPL.EXE -- C:\WINDOWS\RTHDCPL.EXE -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\plugs --> FOUND
    [Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\shed --> FOUND

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] dc78608618cbe0bc8e4e065f319ee4ac
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 2a077998b4f8079c339247a237313e36
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 2a077998b4f8079c339247a237313e36
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo

    Finished : << RKreport[1]_S_11262012_02d1822.txt >>
    RKreport[1]_S_11262012_02d1822.txt

    Here is the website for the Antivirus scan:

    https://www.virustotal.com/file/4d2c...is/1353972497/


    **GMER Scan on next thread**

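The MBR Check section of the RogueKiller log above (and the partition listing in the aswMBR log from the first post) decodes the first sector of the disk, prints each partition entry with its type code, hidden flag, sector offset and size, and hashes both the whole sector ([MBR]) and the boot code alone ([BSP]), once for a read through the normal Windows API ("User") and once per low-level read ("LL1", "LL2"); a mismatch is reported as "KO". As an added example that is not part of the thread and not code from either tool, the Python below parses a 512-byte MBR into those same fields and performs the same two-hash comparison. The sample sector is constructed from the offsets and sizes shown in the log; the boot code, the disk signature and the "low-level" variant (same boot code and table, active flag cleared) are placeholders chosen to illustrate the check, not data read from the poster's machine.

```python
import hashlib
import struct

SECTOR = 512
# Partition type codes that appear in the logs above; 0x1C is the hidden variant of FAT32-LBA.
PART_TYPES = {0x07: "NTFS", 0x0C: "FAT32-LBA", 0x1C: "FAT32-LBA", 0xEF: "EFI"}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)


def build_mbr(entries, boot_code=b"\xEB\xFE" + b"\x90" * 438, disk_sig=0x1A2B3C4D):
    """Assemble a 512-byte MBR from (status, type, lba, sectors) tuples.
    Constructed sample data only: the boot code is a placeholder, not real MBR code."""
    mbr = bytearray(SECTOR)
    mbr[0:440] = boot_code[:440].ljust(440, b"\x00")
    struct.pack_into("<I", mbr, 440, disk_sig)  # disk signature; bytes 444-445 stay reserved/zero
    for i, (status, ptype, lba, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xAA"  # boot signature
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the non-empty partition entries with the fields the logs print."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR sector: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "UNKNOWN"),
            "hidden": ptype in HIDDEN_TYPES,
            "lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def format_table(parts):
    """Render entries in the style of the RogueKiller partition table listing."""
    lines = []
    for p in parts:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        vis = "HIDDEN!" if p["hidden"] else "VISIBLE"
        lines.append(f'{p["index"]} - [{flag}] {p["name"]} (0x{p["type"]:02x}) [{vis}] '
                     f'Offset (sectors): {p["lba"]} | Size: {p["size_mb"]} Mo')
    return lines


def mbr_hashes(mbr):
    """MD5 of the whole sector ([MBR]) and of the boot code only ([BSP], bytes 0-439)."""
    return {"mbr": hashlib.md5(mbr).hexdigest(), "bsp": hashlib.md5(mbr[:440]).hexdigest()}


def compare_reads(user_read, lowlevel_read):
    """Cross-check the sector seen through the normal API against a low-level read.
    Matching boot code but a differing sector hash means the signature/partition-table
    area differs between the two read paths, which is what the log reports as KO."""
    u, l = mbr_hashes(user_read), mbr_hashes(lowlevel_read)
    return {"bsp_match": u["bsp"] == l["bsp"], "mbr_match": u["mbr"] == l["mbr"]}


# Constructed from the offsets and sizes in the log (sector counts derived from the offsets).
LOG_TABLE = [
    (0x80, 0x07, 63, 302246847),        # NTFS system partition, ~147581 MB
    (0x00, 0x1C, 302246910, 10249470),  # hidden FAT32-LBA partition, ~5004 MB
    (0x00, 0xEF, 312496380, 80325),     # EFI partition, ~39 MB
]
USER_MBR = build_mbr(LOG_TABLE)
# Constructed stand-in for the low-level read: same boot code and table, active flag of entry 0 cleared.
LL_MBR = build_mbr([(0x00,) + LOG_TABLE[0][1:]] + LOG_TABLE[1:])

if __name__ == "__main__":
    for line in format_table(parse_mbr(USER_MBR)):
        print(line)
    print(mbr_hashes(USER_MBR))
    print(compare_reads(USER_MBR, LL_MBR))  # boot code matches, whole sector does not
```

The size column reproduces the log's figures (147581, 5004 and 39 MB) from the sector counts, which is a quick way to confirm that a partition listing from one tool is consistent with another. Keeping the boot-code hash separate from the whole-sector hash is the useful part of the check: the boot code is what a bootkit would replace, while the last 72 bytes change whenever the disk signature or partition table is rewritten, so the two hashes answer different questions.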
  6. #6 Member (Join Date: Nov 2008, Posts: 41)

    I meant GMER Scan on next reply - I have to break up this log... it's too long... LOL.


    Here is the GMER Scan (I hope I did this right):
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-11-26 18:56:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST916031 rev.0303
    Running: rggy0cfq.exe; Driver: C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\uwldypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA457E4BA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA462BC22]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA457EED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA45C0811]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA4589FA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA4589FF4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA458A176]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA45C01C5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA4589F16]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA458A038]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA4589F5E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA457F11C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA458A130]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA457F93E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA457E508]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA45C0ED7]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA45C118D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA45831C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA45C0D42]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA45C0BAD]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA462BCEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA457E170]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA457E556]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA4583534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA45803A6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA4589FD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA458A016]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA458A19A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA45C0521]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA4589F3C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA4582C3E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA458A0BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA4589F86]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA4582F14]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA458A154]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA462BE4A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA45C0A28]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA4580272]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA45C087A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA457FDD4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA46387D2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA45BF838]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA457E5A4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA457E5F2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA457F7BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA457E1FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA457E3AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA45C0FDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA457E350]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA457FAF8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA457FC54]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA457E41A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA457F4D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA457F636]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA462A41C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA457E640]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA457EF1A]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA4644E56]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA462BC
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, E5, 57, A4, F2, E5, 57, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, FA, 57, A4, 54, FC, 57, ...] {CLC ; CLI ; PUSH EDI; MOVSB ; PUSH ESP; CLD ; PUSH EDI; MOVSB ; SBB AH, AH; PUSH EDI; MOVSB }
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A4580A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A4641CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A4643810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A4644E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A4584B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A4584A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A45849F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP A45840A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP A45837C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP A4584CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP A4584EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP A45848FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP A4583688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP A458416A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP A4583C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP A4583EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP A4583670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP A4584A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP A4583CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP A4583E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP A4584182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP A4584BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP A4584E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP A4584090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP A4583834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP A4583944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP A4583A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP A4583B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP A458356A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP A45840C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP A4583760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP A45838F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP A4583FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP A4584D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002E01F8
    .text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\Explorer.EXE[236] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC0804
    .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BC0A08
    .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BC0600
    .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BC01F8
    .text C:\WINDOWS\Explorer.EXE[236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BC03FC
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
    .text C:\Program Files\iPod\bin\iPodService.exe[492] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009F1014
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009F0804
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009F0A08
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009F0C0C
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009F0E10
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009F01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009F03FC
    .text C:\Program Files\iPod\bin\iPodService.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009F0600
    .text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009E0804
    .text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009E0A08
    .text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009E0600
    .text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009E01F8
    .text C:\Program Files\iPod\bin\iPodService.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009E03FC
    .text C:\WINDOWS\system32\svchost.exe[540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00961014
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00960804
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00960A08
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00960C0C
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00960E10
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009601F8
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009603FC
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00960600
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A00804
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A00A08
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A00600
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A001F8
    .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A003FC
    .text C:\WINDOWS\system32\csrss.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[744] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002F01F8
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
    .text C:\Program Files\Messenger\msmsgs.exe[1020] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00A81014
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00A80804
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00A80A08
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00A80C0C
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00A80E10
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00A801F8
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00A803FC
    .text C:\Program Files\Messenger\msmsgs.exe[1020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00A80600
    .text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A70804
    .text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A70A08
    .text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A70600
    .text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A701F8
    .text C:\Program Files\Messenger\msmsgs.exe[1020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A703FC
    .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3AA9
    .text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!RtlRaiseException 7C90E528 5 Bytes JMP 001A3CC9
    .text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\WINDOWS\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A45B6
    .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A4617
    .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4687
    .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A46BA
    .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
    .text C:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4820
    .text C:\WINDOWS\System32\svchost.exe[1112] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A47F6
    .text C:\WINDOWS\System32\svchost.exe[1112] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4518
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009D0804
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009D0A08
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009D0600
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009D01F8
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009D03FC
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009E1014
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009E0804
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009E0A08
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009E0C0C
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009E0E10
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009E01F8
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009E03FC
    .text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009E0600
    .text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[1436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wscntfy.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1904] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

  7. #7

    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D21014
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D20804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D20A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D20C0C
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D20E10
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D201F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D203FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D20600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D50804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D50A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D50600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D501F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[2140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D503FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C10A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C10600
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C101F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C103FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C21014
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C20804
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C20A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C20C0C
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C20E10
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C201F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C203FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[2340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C20600
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C40804
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C40A08
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C40600
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C401F8
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C403FC
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C51014
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C50804
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C50A08
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C50C0C
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C50E10
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C501F8
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C503FC
    .text C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C50600
    .text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002E01F8
    .text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002E03FC
    .text C:\WINDOWS\System32\alg.exe[2660] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00780804
    .text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00780A08
    .text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00780600
    .text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007801F8
    .text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007803FC
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00791014
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00790804
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00790A08
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00790C0C
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00790E10
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007901F8
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007903FC
    .text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00790600
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804
    .text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009B0A08
    .text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009B0600
    .text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009B01F8
    .text C:\WINDOWS\system32\igfxtray.exe[2676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009B03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
    .text C:\WINDOWS\system32\igfxtray.exe[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2732] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804
    .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009B0A08
    .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009B0600
    .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009B01F8
    .text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009B03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009C1014
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009C0804
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009C0A08
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009C0C0C
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009C0E10
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009C01F8
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
    .text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009C0600
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D00804
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D00A08
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D00600
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D001F8
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D003FC
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D11014
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D10804
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D10A08
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D10C0C
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D10E10
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D101F8
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D103FC
    .text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[2812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D10600
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BF0804
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BF0A08
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BF0600
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BF01F8
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BF03FC
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C01014
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C00804
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C00A08
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C00C0C
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C00E10
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C001F8
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C003FC
    .text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[2828] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C00600
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009A1014
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009A0804
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009A0A08
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009A0C0C
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009A0E10
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009A01F8
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009A03FC
    .text C:\Program Files\EeePC\ACPI\AsTray.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009A0600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00D81014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00D80804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00D80A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00D80C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00D80E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00D801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00D803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00D80600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D70804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D70A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00D70600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00D701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00D703FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01725B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01967B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01967B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0172EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C10A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C10600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C101F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C103FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01967AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C21014
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C20804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C20A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C20C0C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C20E10
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C201F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C203FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C20600
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009A1014
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009A0804
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009A0A08
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009A0C0C
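What a helper does with several hundred of these lines is correlate them rather than read them one by one. The script below is an added example (it is not part of the original post and not a GMER tool): it parses the `.text` hook lines in exactly the format printed above, separates JMP hooks that GMER attributed to a named module (the firefox.exe entries pointing into xul.dll) from JMPs into anonymous memory and from in-place byte patches, then checks which APIs carry an anonymous hook in how many processes and whether the trampoline sits at the same page offset in each of them (LdrLoadDll at xxxx01F8, SetWindowsHookExW at xxxx0804, CreateServiceW at xxxx03FC in every process above), which is the fingerprint of one hooking engine laying out an identical stub table per process. The sample log embedded in the script is a constructed subset of the lines in this thread; the regexes are assumptions fitted to the output shown here, not GMER's documented grammar. The result is a triage view, not a verdict: system-wide hooks on the loader, window-hook and service-control APIs are what the security products running on this machine (Avast, SUPERAntiSpyware and Spybot 2 are all in the process list) install for self-protection and behaviour monitoring, so each hooked API still has to be matched against those products before anything here is called malicious.

```python
"""Triage helper for GMER user-mode '.text' hook lines (added example, not from the post)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\alg.exe[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00780804
.text C:\WINDOWS\System32\alg.exe[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007903FC
.text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\hkcmd.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009B0804
.text C:\WINDOWS\system32\hkcmd.exe[2732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009C03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01725B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C10804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C203FC
.text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
"""

# Assumed line grammar, fitted to the output above: ".text <proc>[pid] <mod>!<func>[ + off] <addr> <n> Byte(s) <patch>"
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^\s!]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
# "JMP 01725B00 C:\...\xul.dll (Mozilla Foundation)" or a bare "JMP 002E01F8"
JMP_RE = re.compile(r"^JMP\s+(?P<dst>[0-9A-F]{8})(?:\s+(?P<dstmod>\S.*?)\s+\((?P<vendor>[^)]*)\))?$")
# "[62]" or "[33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}"
BYTES_RE = re.compile(r"^\[(?P<raw>[0-9A-F ,]+)\](?:\s*\{(?P<asm>[^}]*)\})?$")


@dataclass(frozen=True)
class Hook:
    proc: str
    pid: int
    target: str                 # "<module lower-cased>!<function>[+offset]"
    addr: int                   # hooked address inside the system DLL
    kind: str                   # "jmp-attributed" | "jmp-anonymous" | "patch" | "unknown"
    dst: Optional[int]          # JMP destination, when the patch is a JMP
    dst_module: Optional[str]   # module GMER attributed the destination to, if any
    patch: str                  # patch text exactly as GMER printed it


def parse_line(line: str) -> Optional[Hook]:
    """Parse one '.text' line; returns None for anything that is not a hook entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target = f"{m['mod'].lower()}!{m['func']}" + (f"+{m['off']}" if m["off"] else "")
    base = dict(proc=m["proc"], pid=int(m["pid"]), target=target, addr=int(m["addr"], 16), patch=m["patch"])
    j = JMP_RE.match(m["patch"])
    if j:
        kind = "jmp-attributed" if j["dstmod"] else "jmp-anonymous"
        return Hook(kind=kind, dst=int(j["dst"], 16), dst_module=j["dstmod"], **base)
    kind = "patch" if BYTES_RE.match(m["patch"]) else "unknown"
    return Hook(kind=kind, dst=None, dst_module=None, **base)


def parse_log(text: str) -> List[Hook]:
    return [h for h in (parse_line(line) for line in text.splitlines()) if h]


def triage(hooks: List[Hook]) -> Dict:
    """Correlate hooks across processes so the analyst sees patterns instead of hundreds of lines."""
    procs = {(h.proc, h.pid) for h in hooks}
    anon_pids, offsets = defaultdict(set), defaultdict(set)
    attributed, patches = [], defaultdict(set)
    for h in hooks:
        if h.kind == "jmp-anonymous":
            anon_pids[h.target].add(h.pid)
            offsets[h.target].add(h.dst & 0xFFFF)      # page offset of the trampoline
        elif h.kind == "jmp-attributed":
            attributed.append((h.proc.rsplit("\\", 1)[-1], h.target, h.dst_module))
        elif h.kind == "patch":
            patches[h.target].add(h.patch)
    return {
        "process_count": len(procs),
        # how many processes carry an unattributed JMP on each API
        "anonymous_jmp_coverage": {t: len(p) for t, p in anon_pids.items()},
        # APIs whose trampoline sits at one page offset in every hooked process: one engine, one stub layout
        "shared_trampoline_offset": {t: next(iter(o)) for t, o in offsets.items()
                                     if len(anon_pids[t]) > 1 and len(o) == 1},
        # hooks GMER could attribute to a named module (explained by that module)
        "attributed": attributed,
        # in-place byte patches, deduplicated per API
        "byte_patches": {t: sorted(p) for t, p in patches.items()},
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print(f"{report['process_count']} processes")
    for api, n in sorted(report["anonymous_jmp_coverage"].items(), key=lambda kv: -kv[1]):
        off = report["shared_trampoline_offset"].get(api)
        print(f"  {api:<40} anonymous JMP in {n} process(es)", f"stub offset 0x{off:04X}" if off is not None else "")
    for proc, api, mod in report["attributed"]:
        print(f"  {proc}: {api} -> {mod}")
    for api, variants in report["byte_patches"].items():
        print(f"  {api}: {variants}")
```

To run it on the full log, replace SAMPLE_LOG with the file contents. An API hooked in every process is the normal picture for a host running a behaviour blocker; the lines worth asking about are an anonymous JMP present in only one or two processes, or one whose stub offset differs from all the others. The randomly named executable on the Desktop at the end of the dump is normally the scanner itself, since GMER is downloaded under a random file name, and in this log it carries only the same one-byte patches every other process has.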

  8. #8
    Member (Join Date: Nov 2008, Posts: 41)

    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009A0E10
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009A01F8
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009A03FC
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009A0600
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
    .text C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe[2940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
    .text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxext.exe[3180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\igfxext.exe[3180] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C00804
    .text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C00A08
    .text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C00600
    .text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C001F8
    .text C:\WINDOWS\system32\igfxext.exe[3180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C003FC
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C11014
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C10804
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C10A08
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C10C0C
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C10E10
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C101F8
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C103FC
    .text C:\WINDOWS\system32\igfxext.exe[3180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C10600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00C20804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00C20A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00C20600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00C201F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00C203FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00C31014
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00C30804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00C30A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00C30C0C
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00C30E10
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00C301F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00C303FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00C30600
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00BC1014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00BC0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00BC0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00BC0C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00BC0E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00BC01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BC03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00BC0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BB0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BB0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BB0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BB01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BB03FC
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\program files\real\realplayer\update\realsched.exe[3412] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009D1014
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009D0804
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009D0A08
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009D0C0C
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009D0E10
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009D01F8
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009D03FC
    .text C:\program files\real\realplayer\update\realsched.exe[3412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009D0600
    .text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009C0804
    .text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009C0A08
    .text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009C0600
    .text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009C01F8
    .text C:\program files\real\realplayer\update\realsched.exe[3412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009C03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00FB1014
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00FB0804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00FB0A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00FB0C0C
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00FB0E10
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00FB01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00FB03FC
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00FB0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00FD0804
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00FD0A08
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00FD0600
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00FD01F8
    .text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[3496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00FD03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002F01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002F03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3528] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00AF1014
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00AF0804
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00AF0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00AF0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00AF0E10
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00AF01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00AF03FC
    .text C:\WINDOWS\system32\ctfmon.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00AF0600
    .text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
    .text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
    .text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
    .text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
    .text C:\WINDOWS\system32\ctfmon.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 009E0804
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 009E0A08
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 009E0600
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009E01F8
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009E03FC
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 009F1014
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 009F0804
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 009F0A08
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 009F0C0C
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 009F0E10
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009F01F8
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009F03FC
    .text C:\Program Files\ASUS\Eee Docking\Eee Docking.exe[3580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 009F0600
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B01F8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003B03FC
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E20804
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E20A08
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E20600
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E201F8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E203FC
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00E31014
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00E30804
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00E30A08
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00E30C0C
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00E30E10
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00E301F8
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E303FC
    .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00E30600
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe[3944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Michele Acampora\Desktop\rggy0cfq.exe[3944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Michele Acampora\Local Settings\Temporary Internet Files\Content.IE5\J8JLDNS4\clients[1].txt 1 bytes

    ---- EOF - GMER 1.0.15 ----

  9. #9
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Michelea1976 ,

    No worries about the timing as long as you do not disappear all of a sudden.

    Care to share with me what you used these programs for?
    EzMessenger
    Michele's Ledger

    --------------------

    RogueKiller in action
    • Please rerun RogueKiller. Try a few times if it does not run.
    • Click on Scan.
    • Go to the Registry tab and uncheck (untick) the following:
      [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • Click Delete.
    • Get the result via the Report button and post back the contents of the log.


    --------------------

    Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
    • Alternatively, you may get the zip version and extract the file to the desktop.
    • Double click on TDSSKiller.exe to execute it.
    • Click on Change parameters, then check (tick) Verify driver digital signatures and Detect TDLFS file system.
    • Click OK and press Start scan to begin.
    • If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT proceed other actions.
    • Then click on Continue at the lower right corner.
    • You may be prompted to reboot your computer, please consent.
    • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
    • Please post the contents of this log.


    --------------------

    Please download OTL© by OldTimer from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Scan with OTL
    • Double click on OTL.exe to run it.
    • Make sure all the Use SafeList options are checked (selected). There are five of them.
    • Under the Modules section, please select No Company Name.
    • Check Scan All Users.
    • At the lower right corner, check LOP Check and Purity Check.
    • Click on Run Scan at the top left hand corner. This might take a while.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
      Note: These files are saved as OTL.txt and Extras.txt on the desktop.


    --------------------

    Please post back:
    1. the answers to my questions on the programs
    2. new RogueKiller log
    3. TDSSKiller report
    4. OTL logs
    Last edited by Jack&Jill; 2012-11-27 at 17:08.

  10. #10
    Member
    Join Date
    Nov 2008
    Posts
    41

    Default

    Hello Jack&Jill,
    I don't know what EzMessenger is, but Michele's Ledger is a program a friend wrote for me to keep track of my expenses. I never used it, so I will uninstall it if you think it is interfering somehow. Let me know if I should uninstall EzMessenger as well.

    RogueKiller:
    RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Michele Acampora [Admin rights]
    Mode : Remove -- Date : 11/27/2012 18:00:34

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] RTHDCPL.EXE -- C:\WINDOWS\RTHDCPL.EXE -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> NOT SELECTED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Tr.Karagany][FOLDER] ROOT : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\plugs --> REMOVED
    [Tr.Karagany][FOLDER] ROOT : C:\Documents and Settings\Michele Acampora\Application Data\Adobe\shed --> REMOVED

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] dc78608618cbe0bc8e4e065f319ee4ac
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 2a077998b4f8079c339247a237313e36
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 2a077998b4f8079c339247a237313e36
    [BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
    Partition table:
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
    2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
    3 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312496380 | Size: 39 Mo

    Finished : << RKreport[2]_D_11272012_02d1800.txt >>
    RKreport[1]_S_11272012_02d1751.txt ; RKreport[2]_D_11272012_02d1800.txt
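The security-relevant signal in the RogueKiller log above is the "User != LL1 ... KO!" result: the MBR hash read through the normal Windows API differs from the hash read by RogueKiller's low-level methods, which is what a hooked disk driver or bootkit looks like (GMER's "sector 00: rootkit-like behavior" line says the same thing). The following added example (not RogueKiller's code, and not from anyone in this thread) parses a constructed excerpt in the same layout, using the hashes posted above, and reports only the hash mismatch; a hidden partition by itself is not flagged, since OEM recovery partitions are commonly hidden.

```python
import re

# Constructed excerpt modelled on the RogueKiller "MBR Check" section posted above;
# the hashes and offsets are the ones shown in this thread, the layout is RogueKiller's.
SAMPLE_MBR_CHECK = """\
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dc78608618cbe0bc8e4e065f319ee4ac
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 302246910 | Size: 5004 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 2a077998b4f8079c339247a237313e36
[BSP] 6809cbf3405780c9b95bacf805a615ae : Windows XP MBR Code
Partition table:
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 147581 Mo
"""

VIEW_RE = re.compile(r"^--- (\w+) ---$")                      # "--- User ---", "--- LL1 ---"
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})")          # md5 of sector 0 / boot sector
PART_RE = re.compile(r"^\d+ - \[\w+\] (\S+) \((0x[0-9a-f]+)\) \[(\w+!?)\]")

def parse_mbr_check(text):
    """Split the MBR Check section into one dict per read method (User, LL1, LL2, ...)."""
    views, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := VIEW_RE.match(line):
            current = views.setdefault(m.group(1), {"partitions": []})
        elif current is not None and (m := HASH_RE.match(line)):
            current[m.group(1)] = m.group(2)
        elif current is not None and (m := PART_RE.match(line)):
            current["partitions"].append(
                {"fs": m.group(1), "type": m.group(2), "hidden": m.group(3).startswith("HIDDEN")})
    return views

def mbr_findings(views):
    """Compare the user-mode read of sector 0 with every low-level read.
    A differing hash means something between the Win32 API and the disk (a hooked
    driver, a filter, a bootkit) is serving a different MBR than the one on disk."""
    findings, user = [], views.get("User", {})
    for name, view in views.items():
        if name == "User":
            continue
        for field in ("MBR", "BSP"):
            if user.get(field) != view.get(field):
                findings.append(f"{field}: User {user.get(field)} != {name} {view.get(field)}")
    return findings
```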
