BleepingComputer.com: svchost.exe problems, still

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

svchost.exe problems, still

#1 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 01:24 PM

New guy with, what seems, a fairly common problem/question. I've been noticing my CPU's been running unusually hard lately, so I opened up my Task Manager to see what's running. I see one of my svchost.exe files (files?) running up and over 200,500K at 67-98% usage. I have, on average, 381M/2441M Commit Charge. I've read the links posted in other user's threads about this .exe, and even followed the "Safe user" recommendation on Black Viper's page. As with any change I make on my computer, I've rebooted, and within minutes, one of the svchost files ran up to 98%; and that was just as I was starting this post. Usually, when I choose End Process, it messes with my Themes on the computer. It doesn't affect the performance, until it uses up my memory again. I've once seen the file run up to over 510K

I try to do regular maintenance, in that I'll go into the folder after removing a program, and deleting the folder, if it's still in the Windows or Program Files folder, and defrag about twice a year. I'm at my wit's end, and about to put my foot thru the computer - BTW, I'm using an Asus Eee PC netbook with XP (Home, I assume, since I don't see Pro on the startup logo). While these are cheap enough to consider 'disposable', I can't replace this one just yet, and have to make this work as long as possible, but I'm at my wit's end with this one .exe

Can anyone help me find what, exactly, is being run with that particular .exe file? Because it's really starting to affect the performance of this, and test my patience

TIA!

Attached File(s)

  • Attached File  damn.JPG (45.7K)
    Number of downloads: 3

This post has been edited by hamluis: 15 July 2011 - 01:33 PM
Reason for edit: Moved from XP to Am I Infected.

#2 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 01:30 PM

Welcome aboard Posted Image

Possible infection.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.


IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#3 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 01:40 PM

BTW, I've run ProcessExplorer, but I still don't see what, exactly, is run under each .exe, and I can't find anywhere what I can do about each one. OH, and sorry about posting this in the wrong forum... got too excited about all this, I didn't see it - won't happen again


Broni, thanks for that suggestion. I'll get on it asap. I have Malwarebyte's Anti-malware installed. I'll run it again, and post the log (But first, I've got an errand to run)

#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 01:41 PM

No problem :)
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#5 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 05:49 PM

Ok, from the Security Check, I have ...

Quote

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Eusing Free Registry Cleaner
Java™ 6 Update 16
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````



From MiniToolBox, I have ...

Quote

MiniToolBox by Farbar
Ran by Keet (administrator) on 15-07-2011 at 11:47:33
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default diroctory========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : EdwardsAKMobile

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 90-E6-BA-84-F1-9E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 216.228.160.5

216.228.160.6

216.228.160.7

Lease Obtained. . . . . . . . . . : Friday, July 15, 2011 10:58:58 AM

Lease Expires . . . . . . . . . . : Friday, July 22, 2011 10:58:58 AM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

Physical Address. . . . . . . . . : 00-25-D3-8C-2A-95

Server: ns5.bendcable.com
Address: 216.228.160.5

Name: google.com
Addresses: 72.14.213.147, 72.14.213.99, 72.14.213.103, 72.14.213.104
72.14.213.105, 72.14.213.106



Pinging google.com [72.14.213.106] with 32 bytes of data:



Reply from 72.14.213.106: bytes=32 time=24ms TTL=55

Reply from 72.14.213.106: bytes=32 time=23ms TTL=55



Ping statistics for 72.14.213.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 24ms, Average = 23ms

Server: ns5.bendcable.com
Address: 216.228.160.5

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=109ms TTL=53

Reply from 67.195.160.76: bytes=32 time=115ms TTL=53



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 115ms, Average = 112ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...90 e6 ba 84 f1 9e ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 25 d3 8c 2a 95 ...... Atheros AR9285 Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.103 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.103 192.168.0.103 20
192.168.0.0 255.255.255.0 192.168.0.103 192.168.0.103 20
192.168.0.103 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.103 192.168.0.103 20
224.0.0.0 240.0.0.0 192.168.0.103 192.168.0.103 20
255.255.255.255 255.255.255.255 192.168.0.103 3 1
255.255.255.255 255.255.255.255 192.168.0.103 192.168.0.103 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2011 06:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46157

Error: (07/13/2011 06:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46157

Error: (07/13/2011 06:04:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2011 06:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 44204

Error: (07/13/2011 06:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 44204

Error: (07/13/2011 06:04:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2011 06:04:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 42250

Error: (07/13/2011 06:04:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 42250

Error: (07/13/2011 06:04:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2011 06:04:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40297


System errors:
=============
Error: (07/15/2011 11:30:35 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).

Error: (07/15/2011 11:30:35 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).

Error: (07/15/2011 11:30:35 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/15/2011 10:59:16 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (07/15/2011 10:27:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 7 time(s).

Error: (07/15/2011 10:27:47 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service terminated unexpectedly. It has done this 7 time(s).

Error: (07/15/2011 10:27:47 AM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/15/2011 09:40:37 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service depends on the Terminal Services service which failed to start because of the following error:
%%1058

Error: (07/15/2011 08:56:05 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 5 time(s).

Error: (07/15/2011 08:56:05 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 1015.17 MB
Available physical RAM: 487.09 MB
Total Pagefile: 2441.64 MB
Available Pagefile: 2037.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.18 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:144.12 GB) (Free:112.39 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Keet Maya
SUPPORT_388945a0


== End of log ==



And from Malwarebyte's, I have ...

Quote

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7112

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2011 1:51:33 PM
mbam-log-2011-07-15 (13-51-33).txt

Scan type: Quick scan
Objects scanned: 215523
Time elapsed: 34 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Finally, for GMER (this one took the longest, to run), I have ...

Quote

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-15 15:26:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB2O
Running: ynzyhgc0.exe; Driver: C:\DOCUME~1\Keet\LOCALS~1\Temp\kftdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA82AD9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8302A68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA82CDAF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA82AFEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA82AFF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA82B001A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA82CD4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA82AFE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA82AFF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA82AFE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA82AFFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA82AD9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA82CE1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA82CE471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA82B029E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA82CE026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA82CDE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8302B18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA82AD7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA82ADA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA82B0412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA82AE4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA82AFEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA82AFF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA82B0044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA82CD805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA82AFE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA82B00D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA82AFF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA82AFE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA82B01BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA82AFFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8302BB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA82CDD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA82AE370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA82CDB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA830AE26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA82CCB1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA82ADA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA82ADA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA82AD812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA82AD94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA82CE2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA82AD92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA82AD972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA82ADA7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA83178DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A82AEE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A831329E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A8314D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP A83178E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E00E4
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0120
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E00A8
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E0030
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E006C
.text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\winlogon.exe[792] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\services.exe[840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\services.exe[840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\services.exe[840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\services.exe[840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\services.exe[840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\services.exe[840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\lsass.exe[852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\lsass.exe[852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\lsass.exe[852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\lsass.exe[852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\lsass.exe[852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\lsass.exe[852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1056] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\WINDOWS\System32\alg.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[1436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\WINDOWS\System32\alg.exe[1436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\WINDOWS\System32\alg.exe[1436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\WINDOWS\System32\alg.exe[1436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\WINDOWS\System32\alg.exe[1436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\System32\alg.exe[1436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\igfxext.exe[1448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxext.exe[1448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxext.exe[1448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\system32\igfxext.exe[1448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\system32\igfxext.exe[1448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\system32\igfxext.exe[1448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\system32\igfxext.exe[1448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\igfxext.exe[1448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[1452] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[1452] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[1476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\spoolsv.exe[1836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\spoolsv.exe[1836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\spoolsv.exe[1836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\spoolsv.exe[1836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\spoolsv.exe[1836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\spoolsv.exe[1836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\spoolsv.exe[1836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\svchost.exe[2156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[2156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\svchost.exe[2156] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 023B000A
.text C:\WINDOWS\system32\taskmgr.exe[2440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\taskmgr.exe[2440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\taskmgr.exe[2440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\taskmgr.exe[2440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\WINDOWS\system32\taskmgr.exe[2440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\WINDOWS\system32\taskmgr.exe[2440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\WINDOWS\system32\taskmgr.exe[2440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\WINDOWS\system32\taskmgr.exe[2440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C
.text C:\WINDOWS\Explorer.EXE[2868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\Explorer.EXE[2868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003601D4
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003600E4
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00360120
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0036015C
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00360198
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00360030
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0036006C
.text C:\WINDOWS\Explorer.EXE[2868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003600A8
.text C:\WINDOWS\Explorer.EXE[2868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003700E4
.text C:\WINDOWS\Explorer.EXE[2868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00370120
.text C:\WINDOWS\Explorer.EXE[2868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003700A8
.text C:\WINDOWS\Explorer.EXE[2868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00370030
.text C:\WINDOWS\Explorer.EXE[2868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0037006C
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003101D4
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003100E4
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310120
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0031015C
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310198
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00310030
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0031006C
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003100A8
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\igfxpers.exe[3212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxpers.exe[3212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxpers.exe[3212] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\system32\igfxpers.exe[3212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\system32\igfxpers.exe[3212] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\system32\igfxpers.exe[3212] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\system32\igfxpers.exe[3212] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\igfxpers.exe[3212] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[3272] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Elantech\ETDCtrl.exe[3280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008001D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008000E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00800120
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0080015C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00800198
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00800030
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0080006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008000A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008100E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00810120
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008100A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00810030
.text C:\Program Files\Mozilla Firefox\firefox.exe[3532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0081006C
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\WINDOWS\system32\igfxsrvc.exe[3604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\WINDOWS\RTHDCPL.EXE[3644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\RTHDCPL.EXE[3644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\WINDOWS\RTHDCPL.EXE[3644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\WINDOWS\RTHDCPL.EXE[3644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\RTHDCPL.EXE[3644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\RTHDCPL.EXE[3644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\RTHDCPL.EXE[3644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\RTHDCPL.EXE[3644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\RocketDock\RocketDock.exe[3704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\RocketDock\RocketDock.exe[3704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\RocketDock\RocketDock.exe[3704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\RocketDock\RocketDock.exe[3704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\RocketDock\RocketDock.exe[3704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\RocketDock\RocketDock.exe[3704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\TouchFreeze\TouchFreeze.exe[3732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F01D4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F00E4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0120
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F015C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0198
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F0030
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F006C
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F00A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005400E4
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00540120
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005400A8
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00540030
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[3744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0054006C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D01D4
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D00E4
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0120
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D015C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0198
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D0030
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D006C
.text C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe[3832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D00A8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[840] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#6 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 05:54 PM

We have several issues there but let's start with removing a rootkit.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#7 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 08:13 PM

Alright, Boni, this is what I have ...

Quote

2011/07/15 17:40:11.0468 2192 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/15 17:40:12.0234 2192 ================================================================================
2011/07/15 17:40:12.0234 2192 SystemInfo:
2011/07/15 17:40:12.0234 2192
2011/07/15 17:40:12.0234 2192 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/15 17:40:12.0234 2192 Product type: Workstation
2011/07/15 17:40:12.0234 2192 ComputerName: EDWARDSAKMOBILE
2011/07/15 17:40:12.0234 2192 UserName: Keet
2011/07/15 17:40:12.0234 2192 Windows directory: C:\WINDOWS
2011/07/15 17:40:12.0234 2192 System windows directory: C:\WINDOWS
2011/07/15 17:40:12.0234 2192 Processor architecture: Intel x86
2011/07/15 17:40:12.0234 2192 Number of processors: 2
2011/07/15 17:40:12.0234 2192 Page size: 0x1000
2011/07/15 17:40:12.0234 2192 Boot type: Normal boot
2011/07/15 17:40:12.0234 2192 ================================================================================
2011/07/15 17:40:13.0156 2192 Initialize success
2011/07/15 17:40:18.0890 4208 ================================================================================
2011/07/15 17:40:18.0890 4208 Scan started
2011/07/15 17:40:18.0890 4208 Mode: Manual;
2011/07/15 17:40:18.0890 4208 ================================================================================
2011/07/15 17:40:20.0062 4208 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/07/15 17:40:20.0312 4208 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/15 17:40:20.0390 4208 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/15 17:40:20.0640 4208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/15 17:40:20.0750 4208 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/15 17:40:21.0609 4208 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/07/15 17:40:22.0328 4208 AR5416 (c4fcc1691f68b502abcca6e6f4b930bf) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/07/15 17:40:23.0328 4208 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2011/07/15 17:40:23.0515 4208 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/07/15 17:40:23.0578 4208 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/07/15 17:40:24.0031 4208 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/07/15 17:40:24.0406 4208 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/07/15 17:40:24.0687 4208 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/07/15 17:40:24.0859 4208 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/07/15 17:40:30.0609 4208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/15 17:40:30.0953 4208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/15 17:40:31.0890 4208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/15 17:40:32.0156 4208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/15 17:40:32.0812 4208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/15 17:40:33.0890 4208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/15 17:40:33.0968 4208 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/15 17:40:34.0375 4208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/15 17:40:34.0859 4208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/15 17:40:35.0296 4208 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/15 17:40:35.0546 4208 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/15 17:40:35.0812 4208 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/15 17:40:36.0453 4208 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/15 17:40:36.0687 4208 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/15 17:40:37.0171 4208 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/15 17:40:37.0343 4208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/15 17:40:37.0828 4208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/15 17:40:38.0140 4208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/15 17:40:38.0453 4208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/15 17:40:38.0703 4208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/15 17:40:38.0796 4208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/15 17:40:38.0890 4208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/15 17:40:39.0031 4208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/15 17:40:39.0218 4208 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/15 17:40:39.0359 4208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/15 17:40:39.0515 4208 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/15 17:40:39.0734 4208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/15 17:40:39.0921 4208 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/15 17:40:40.0062 4208 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/15 17:40:40.0562 4208 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/15 17:40:40.0890 4208 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/15 17:40:40.0953 4208 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/15 17:40:41.0125 4208 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/15 17:40:41.0687 4208 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/15 17:40:42.0171 4208 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/15 17:40:42.0625 4208 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
2011/07/15 17:40:42.0765 4208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/15 17:40:43.0281 4208 IntcAzAudAddService (251be5418a9b2f9240079146ae96c4cf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/15 17:40:43.0906 4208 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/15 17:40:44.0031 4208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/15 17:40:44.0078 4208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/15 17:40:44.0156 4208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/15 17:40:44.0406 4208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/15 17:40:44.0500 4208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/15 17:40:44.0640 4208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/15 17:40:45.0000 4208 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/15 17:40:45.0140 4208 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/15 17:40:45.0281 4208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/15 17:40:45.0546 4208 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/15 17:40:45.0656 4208 Ktp (85b6d85c044e3df77e92b5a7b265008f) C:\WINDOWS\system32\DRIVERS\ETD.sys
2011/07/15 17:40:45.0750 4208 L1c (bb5ef34bcf516faa11193826c5b468ad) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2011/07/15 17:40:46.0250 4208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/15 17:40:46.0406 4208 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/15 17:40:46.0609 4208 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/07/15 17:40:47.0031 4208 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/15 17:40:47.0203 4208 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/15 17:40:47.0421 4208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/15 17:40:47.0781 4208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/15 17:40:48.0078 4208 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/15 17:40:48.0359 4208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/15 17:40:48.0484 4208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/15 17:40:48.0562 4208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/15 17:40:48.0625 4208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/15 17:40:48.0750 4208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/15 17:40:48.0828 4208 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/15 17:40:48.0937 4208 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/15 17:40:49.0125 4208 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/15 17:40:49.0265 4208 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/15 17:40:49.0484 4208 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/15 17:40:49.0656 4208 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/15 17:40:49.0750 4208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/15 17:40:49.0953 4208 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/15 17:40:50.0093 4208 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/15 17:40:50.0281 4208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/15 17:40:50.0390 4208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/15 17:40:50.0812 4208 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/07/15 17:40:51.0015 4208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/15 17:40:51.0187 4208 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/15 17:40:51.0625 4208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/15 17:40:51.0734 4208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/15 17:40:51.0921 4208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/15 17:40:52.0281 4208 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/15 17:40:52.0453 4208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/15 17:40:52.0578 4208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/15 17:40:52.0812 4208 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/15 17:40:53.0109 4208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/15 17:40:53.0281 4208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/15 17:40:54.0609 4208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/15 17:40:54.0687 4208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/15 17:40:54.0765 4208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/15 17:40:55.0531 4208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/15 17:40:55.0609 4208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/15 17:40:55.0718 4208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/15 17:40:56.0093 4208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/15 17:40:56.0671 4208 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/15 17:40:57.0109 4208 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/15 17:40:57.0468 4208 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/15 17:40:57.0812 4208 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/15 17:40:58.0312 4208 RT80x86 (97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32\DRIVERS\RT2860.sys
2011/07/15 17:40:58.0859 4208 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/15 17:40:59.0375 4208 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/15 17:40:59.0625 4208 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/15 17:41:00.0093 4208 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/15 17:41:00.0375 4208 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/07/15 17:41:00.0812 4208 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/15 17:41:01.0156 4208 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/15 17:41:01.0296 4208 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/15 17:41:01.0734 4208 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/15 17:41:01.0953 4208 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/15 17:41:02.0218 4208 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/15 17:41:03.0046 4208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/15 17:41:03.0281 4208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/15 17:41:03.0437 4208 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/15 17:41:03.0531 4208 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/15 17:41:03.0656 4208 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/15 17:41:03.0875 4208 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/07/15 17:41:04.0265 4208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/15 17:41:04.0796 4208 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/15 17:41:05.0125 4208 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/15 17:41:05.0375 4208 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/15 17:41:05.0515 4208 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/15 17:41:05.0656 4208 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/15 17:41:05.0796 4208 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/15 17:41:05.0875 4208 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/15 17:41:06.0000 4208 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/15 17:41:06.0187 4208 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/15 17:41:06.0656 4208 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/07/15 17:41:06.0796 4208 uvclf (a87b9f87459a841b7f0585904d314400) C:\WINDOWS\system32\DRIVERS\uvclf.sys
2011/07/15 17:41:06.0953 4208 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/15 17:41:07.0250 4208 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/15 17:41:07.0546 4208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/15 17:41:07.0765 4208 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/15 17:41:08.0156 4208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/15 17:41:09.0078 4208 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/15 17:41:09.0234 4208 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/15 17:41:09.0375 4208 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/15 17:41:09.0484 4208 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/15 17:41:09.0796 4208 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/15 17:41:09.0828 4208 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/15 17:41:09.0890 4208 Boot (0x1200) (8d0c98acf07e1c09bdefee5ebdfb8ca2) \Device\Harddisk0\DR0\Partition0
2011/07/15 17:41:09.0921 4208 ================================================================================
2011/07/15 17:41:09.0921 4208 Scan finished
2011/07/15 17:41:09.0921 4208 ================================================================================
2011/07/15 17:41:09.0984 5664 Detected object count: 1
2011/07/15 17:41:09.0984 5664 Actual detected object count: 1
2011/07/15 17:54:36.0265 5664 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/15 17:54:36.0265 5664 \Device\Harddisk0\DR0 - ok
2011/07/15 17:54:36.0265 5664 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure


And I have since rebooted, also

#8 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 09:34 PM

Very good :)

Please don't wrap logs in quotes.
Thanks :)

Let's double check on that rootkit...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#9 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 09:59 PM

View PostBroni, on 15 July 2011 - 09:34 PM, said:

Very good :)

Please don't wrap logs in quotes.
Thanks :)


Just paste it, then?? Got it

Wow, during this, my soffice.bin started running big, at over 100K

Alright, this is what I find, with that Unhooker program ...

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xAA16F000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6623232 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xEBA6D000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xEB8AA000 C:\WINDOWS\system32\DRIVERS\athw.sys 1601536 bytes (Atheros Communications, Inc., Driver for Atheros Wireless Network Adapter)
0xA9DA1000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xF7337000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xF724E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9F3F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA9E99000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xEB7C2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA07F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9AB2000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA9EF7000 C:\WINDOWS\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA96BE000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA9FDA000 C:\WINDOWS\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xF7459000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7221000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA9FAF000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEBA31000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA031000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA059000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAA14B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xEB886000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xEB820000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA00F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7317000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7429000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA9E7B000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xEB86B000 C:\WINDOWS\system32\DRIVERS\ETD.sys 110592 bytes (ELANTECH Devices Corp., ETD Ware TSR Enhancements)
0xF7207000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7411000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9C72000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF72EE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEB854000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA98BD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEBA59000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA0D8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF72DB000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7305000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7448000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEB843000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF56E8000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 65536 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)
0xF41EE000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6A2E000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xA9952000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF41FE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75C8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF56D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF56C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75A8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF41CE000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF56A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF2B0E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7598000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF56B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF41BE000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7588000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7738000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76B8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF2ADE000 C:\WINDOWS\system32\DRIVERS\uvclf.sys 40960 bytes (GenesysLogic Technologies, Inc., uvclf.sys)
0xA930E000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75B8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF2ACE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF56F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF5698000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF41AE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF2A8E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF4EFF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7900000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7898000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7808000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF4ED7000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7908000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7910000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78F8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF4F0F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF4EF7000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF4F07000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7810000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7920000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7928000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7918000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7838000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79A0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF58ED000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF58DD000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2F80000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79A4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF58E9000 C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 12288 bytes (ASUSTeK Computer Inc., ASUS ACPI Device Driver)
0xF7A58000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7998000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF799C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xEED6B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF0AAA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF0AA6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF58E5000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEC027000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B02000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B00000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A88000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B04000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B06000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7ADC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AEE000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A8A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BCE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BCC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C18000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B51000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B50000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(


** end of program. I'm actually noticing things seem to have settled down, now. I have to say, I owe you a big thanks for helping me out like this, and saving my sanity. I won't be getting too excited just yet, and will see how things go as I turn off and turn on the netbook. And if this works as well as it appears too, then I'm logging onto here with my other computer, and running all this on that thing too - other PC is giving me A LOT of the same problems, but taking far longer to respond to anything

This post has been edited by DBMotorsports: 15 July 2011 - 10:10 PM

#10 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 10:29 PM

I'm glad to hear better news :)

RKU log looks clean.

Now....

Uninstall Java™ 6 Update 16
Uninstall Eusing Free Registry Cleaner
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.



=======================================================

We also have "hosts" file missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost


Go File>Save As and...

1. Name the file hosts (no extension <--- VERY IMPORTANT!)
2. Make sure, "Save as type:" is set to "All Files (*.*)
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

Posted Image

Then....

Re-run MiniToolbox

Checkmark following boxes:
  • List content of Hosts

Click Go and post the result.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#11 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 10:45 PM

MiniToolBox by Farbar
Ran by Keet (administrator) on 15-07-2011 at 20:45:11
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************
Hosts file not detected in the default diroctory
== End of log ==



Not detected? Is that bad???
*Edit - I'm actually glad you brought up the reason for the registry cleaner. I obviously never knew that, and would have been my luck I'd do something I wasn't supposed too, and could have done irreparable damage

This post has been edited by DBMotorsports: 15 July 2011 - 10:46 PM

#12 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 10:54 PM

Let's see what you did with that "hosts" file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
C:\WINDOWS\SYSTEM32\DRIVERS\ETC


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#13 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 10:58 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:57 on 15/07/2011 by Keet
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.txt --a---- 711 bytes [03:42 16/07/2011] [03:42 16/07/2011]
lmhosts.sam --a---- 3683 bytes [13:03 11/08/2009] [12:00 14/04/2008]
networks --a---- 407 bytes [13:03 11/08/2009] [12:00 14/04/2008]
protocol --a---- 799 bytes [13:03 11/08/2009] [12:00 14/04/2008]
services --a---- 7116 bytes [13:03 11/08/2009] [12:00 14/04/2008]

---Folders---
None found.

-= EOF =-


No folders found?? More "good" news?

#14 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 15 July 2011 - 11:05 PM

OK, the file is there, but you have to rename it.

Open Windows Explorer, go Tools>Folder options>View tab and UN-check "Hide extensions for known file types".
Now navigate to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder and rename hosts.txt to just hosts (no extension)

Post fresh System Look log.
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#15 User is offline   DBMotorsports 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 18
  • Joined: 15-July 11

Posted 15 July 2011 - 11:20 PM

I think I followed your directions correctly ...

SystemLook 04.09.10 by jpshortstuff
Log created at 21:18 on 15/07/2011 by Keet
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [03:42 16/07/2011] [03:42 16/07/2011]
lmhosts.sam --a---- 3683 bytes [13:03 11/08/2009] [12:00 14/04/2008]
networks --a---- 407 bytes [13:03 11/08/2009] [12:00 14/04/2008]
protocol --a---- 799 bytes [13:03 11/08/2009] [12:00 14/04/2008]
services --a---- 7116 bytes [13:03 11/08/2009] [12:00 14/04/2008]

---Folders---
None found.

-= EOF =-


But it looks the same as the other one. DID I do that right??

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users