
Trojan.DNS plus some more...



#1
Maxim724X

Hello,

I've tried many anti-malware programs (including SUPERAntiSpyware, Malwarebytes, and Symantec AntiVirus).

These programs did fix one of the problems I was having (I had constant Vimax banners on every site I visited) and I no longer see those. However, I cannot seem to access the internet at school and I believe it has something to do with the DNS, which I apparently cannot seem to change. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:52 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Documents and Settings\Greggy B\Local Settings\Temp\jkos-Greggy B\binaries\ScanningProcess.exe
C:\Documents and Settings\Greggy B\Local Settings\Temp\jkos-Greggy B\binaries\ScanningProcess.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://eeepc.asus.com/global
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [U1_USB] C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\ERUNT\ERUNT\AUTOBACK.EXE
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{41CE35A7-6C29-4FA0-99EF-D8107544748D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 8733 bytes


I have run Malwarebytes since and it has found nothing, though Kaspersky found the following:
Trojan.Win32.Agent.blkl

ALSO, whenever I click on my second hard drive from my computer I get a message that goes something like this:
'resycled\ntldr is not a valid Win32 application', or something of the sort.

This is an awesome site and I greatly appreciate the assistance.

Thanks,
Greg


#2
Maxim724X

By the way, I just used Combo-Fix and GMER:

ComboFix 09-02-04.01 - Greggy B 2009-02-04 22:44:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.474 [GMT -5:00]
Running from: c:\documents and settings\Greggy B\Desktop\Combo-Fix.exe
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
E:\autorun.inf
E:\resycled
e:\resycled\ntldr.com

----- BITS: Possible infected sites -----

hxxp://pingpinghost.com
.
((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-04 21:57 . 2009-02-04 21:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 16:18 . 2009-02-03 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-03 16:16 . 2009-02-03 16:17 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-03 16:16 . 2009-02-03 16:16 <DIR> d-------- c:\documents and settings\Greggy B\Application Data\SUPERAntiSpyware.com
2009-02-03 16:15 . 2009-02-03 16:15 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-02 23:51 . 2009-02-02 23:51 <DIR> d-------- c:\documents and settings\Greggy B\Application Data\Malwarebytes
2009-02-02 23:50 . 2009-02-02 23:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 23:50 . 2009-02-02 23:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 23:50 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 23:50 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 23:37 . 2009-02-02 23:37 0 --a------ c:\windows\VPC32.INI
2009-02-02 22:58 . 2009-02-02 22:52 123,619 --a------ c:\windows\system32\SYMEVNT.386
2009-02-02 22:58 . 2009-02-02 22:52 83,672 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-02 22:58 . 2009-02-02 22:52 73,224 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-02 22:56 . 2009-02-02 22:58 <DIR> d-------- c:\program files\Symantec
2009-02-02 22:56 . 2009-02-02 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-02 22:55 . 2009-02-02 22:55 <DIR> d-------- c:\program files\Symantec_Client_Security
2009-02-02 22:55 . 2009-02-02 22:57 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-31 11:34 . 2009-01-31 11:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2009-01-27 10:58 . 2009-01-29 13:13 8,628 --ah----- c:\windows\system32\CMMGR32.GID
2009-01-19 23:14 . 2009-01-19 23:14 <DIR> d-------- c:\program files\CMVideoPlugin
2009-01-19 22:49 . 2009-01-19 23:26 <DIR> d-------- c:\program files\DAEMON Tools Pro
2009-01-19 22:49 . 2009-01-19 22:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-01-19 21:51 . 2009-01-19 21:51 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-19 00:51 . 2009-01-19 00:51 <DIR> d-------- c:\program files\Elaborate Bytes
2009-01-19 00:20 . 2009-01-19 01:03 285 --a------ c:\windows\EReg072.dat
2009-01-19 00:19 . 1998-09-02 03:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-01-19 00:19 . 1998-08-26 23:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-01-19 00:19 . 1998-08-20 06:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-01-19 00:19 . 1998-09-02 03:28 63,488 --a------ c:\windows\system32\unam4ie.exe
2009-01-19 00:19 . 1998-09-02 03:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-01-19 00:19 . 1998-08-17 04:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-01-19 00:19 . 1998-08-17 04:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-01-19 00:19 . 1998-08-17 04:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-01-19 00:19 . 2009-01-19 00:19 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-01-19 00:19 . 2009-01-19 00:19 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-01-19 00:07 . 2000-06-23 14:05 136,704 --a------ c:\windows\system32\iacenc.dll
2009-01-19 00:07 . 2000-06-22 13:09 56,320 --------- c:\windows\system32\iyvu9_32.dll
2009-01-19 00:06 . 2009-01-19 00:06 <DIR> d-------- c:\program files\Ligos
2009-01-19 00:06 . 1998-10-29 19:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-18 23:57 . 2009-01-19 23:39 <DIR> d-------- c:\documents and settings\Greggy B\Application Data\DAEMON Tools Pro
2009-01-18 23:57 . 2009-01-18 23:57 <DIR> d-------- c:\documents and settings\Greggy B\Application Data\DAEMON Tools
2009-01-18 23:56 . 2009-01-18 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 23:55 . 2009-01-18 23:56 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-18 23:52 . 2009-01-18 23:52 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-18 23:51 . 2009-01-19 21:20 <DIR> d-------- c:\documents and settings\Greggy B\Application Data\DAEMON Tools Lite
2009-01-15 16:10 . 2009-01-15 16:10 29,184 --a------ c:\windows\system32\drivers\VClone.sys
2009-01-14 16:43 . 2009-01-14 16:43 24,360 --a------ c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-14 16:13 . 2009-01-14 16:13 93,352 --a------ c:\windows\system32\ElbyCDIO.dll
2009-01-12 20:32 . 2009-01-12 20:32 <DIR> d-------- c:\program files\SKTools
2009-01-08 01:15 . 2009-01-08 01:17 <DIR> d-------- c:\program files\Allok RM RMVB to AVI MPEG DVD Converter
2009-01-08 01:15 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2009-01-07 18:11 . 2009-01-07 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sling Media
2009-01-07 18:02 . 2009-02-04 00:04 <DIR> d-------- c:\program files\Sling Media

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 03:51 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 16:04 --------- d-----w c:\program files\DivX
2009-01-12 23:12 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-03 06:46 --------- d-----w c:\program files\7-Zip
2008-12-20 00:38 --------- d-----w c:\program files\Windows Media Components
2008-12-19 23:17 --------- d-----w c:\program files\Common Files\Adobe
2008-12-19 23:17 --------- d-----w c:\program files\ASUS
2008-12-19 23:16 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-19 23:15 --------- d-----w c:\program files\Common Files\Java
2008-12-19 23:13 --------- d-----w c:\program files\Common Files\Skype
2008-12-19 23:13 --------- d-----w c:\program files\Common Files\Real
2008-12-19 23:12 --------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-19 23:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 23:12 --------- d-----w c:\program files\EeePC
2008-12-19 23:12 --------- d-----w c:\program files\DVDVideoSoft
2008-12-19 23:11 --------- d-----w c:\program files\Intel
2008-12-19 23:08 --------- d-----w c:\program files\Microsoft.NET
2008-12-19 23:08 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-19 23:08 --------- d-----w c:\program files\microsoft frontpage
2008-12-19 23:07 --------- d-----w c:\program files\Opera
2008-12-19 23:07 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-12-19 23:07 --------- d-----w c:\program files\nLite
2008-12-19 23:07 --------- d-----w c:\program files\MSXML 4.0
2008-12-19 23:07 --------- d-----w c:\program files\MSECache
2008-12-19 23:06 --------- d-----w c:\program files\Pharos
2008-12-19 23:05 --------- d-----w c:\program files\RALINK
2008-12-19 23:05 --------- d-----w c:\program files\quicktime
2008-12-19 23:05 --------- d-----w c:\program files\PharosSystems
2008-12-19 23:04 --------- d-----w c:\program files\Realtek
2008-12-19 23:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-19 23:03 --------- d-----w c:\program files\WIDCOMM
2008-12-19 23:03 --------- d-----w c:\program files\Skype
2008-12-19 23:01 --------- d-----w c:\program files\Yahoo!
2008-12-19 23:01 --------- d-----w c:\program files\Windows Resource Kits
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-11-22 01:44 142,280 ----a-w c:\windows\system32\ElbyVCD.dll
2008-11-09 16:02 11,264 ----a-w c:\windows\system32\PSSE7CCE.DLL
2008-11-06 16:37 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\system32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-06 04:18 11,264 ----a-w c:\windows\system32\PSS04FFE.DLL
2008-10-02 20:53 4,900,376 ----a-w c:\program files\LimeWireWin.exe
2008-09-08 03:04 2,146 -c--a-w c:\documents and settings\Greggy B\Application Data\wklnhst.dat
2008-08-07 00:37 39,644 ----a-w c:\program files\Uninst.exe
2008-08-03 23:43 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-29 20:46 217 ----a-w c:\program files\setup.ini
2008-05-27 22:26 144,463 ----a-w c:\program files\v542relnotes.txt
2008-05-27 17:04 3,226,112 ----a-w c:\program files\nbpro.exe
2008-05-27 17:03 1,051,136 ----a-w c:\program files\Language.dll
2008-05-23 04:48 33 ---ha-w c:\program files\oemver.txt
2008-04-25 12:24 9,916 ----a-w c:\program files\notices.txt
2008-04-17 01:48 239,616 ----a-w c:\program files\par2dll.dll
2008-04-16 19:32 4,757 ----a-w c:\program files\readme.txt
2007-01-03 23:02 1,067 ----a-w c:\program files\ORDER.TXT
2006-10-08 18:51 397,729 ----a-w c:\program files\sqlite3.exe
2006-03-24 18:32 50,216 ----a-w c:\program files\toolbar.bmp
2005-10-18 15:06 128,000 ----a-w c:\program files\GROUPS.DB3
2002-03-11 09:06 1,822,520 ----a-w c:\program files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w c:\program files\instmsia.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"DAEMON Tools Pro Agent"="d:\program files\DAEMON Tools Pro\DTProAgent.exe" [2008-10-09 200136]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-05-21 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-05-21 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"U1_USB"="c:\program files\ASUS\AiGuru U1\AiGuru_U1usb.exe" [2008-04-25 200704]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-04 77824]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"vptray"="d:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-28 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

c:\documents and settings\Greggy B\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - d:\erunt\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-12-19 118784]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-19 576104]
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-12-19 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"d:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [2008-05-22 11264]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-05-19 36864]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-05-22 625024]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 UltraCrypt;UltraCrypt;\??\d:\program files\UltraCrypt.sys --> d:\program files\UltraCrypt.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186baa04-7aec-11dd-ae0d-0015aff4b2b5}]
\Shell\AutoRun\command - I:\setup.exe -q

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ad9c41c-6244-11dd-adeb-0015aff4b2b5}]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ca277c6-f175-11dd-af28-0015afbbf29b}]
\Shell\AutoRun\command - System\DriveGuard\DriveProtect.exe -run 
\Shell\Explore\Command - System\DriveGuard\DriveProtect.exe -run  
\Shell\Open\Command - System\DriveGuard\DriveProtect.exe -run 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de080ff2-868e-11dd-ae2c-0015aff4b2b5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com i:
\Shell\Open\command - "resycled\ntldr.c

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecc7fd6e-9bf0-11dd-ae57-0015aff4b2b5}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\ntldr.com j:
\Shell\Open\command - j:\resycled\ntldr.com j:
.
Contents of the 'Scheduled Tasks' folder

2009-02-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {41CE35A7-6C29-4FA0-99EF-D8107544748D} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 22:47:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-04 22:50:58
ComboFix-quarantined-files.txt 2009-02-05 03:50:54

Pre-Run: 202,522,624 bytes free
Post-Run: 275,259,392 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

272 --- E O F --- 2009-01-14 08:06:02

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-04 23:17:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spdg.sys ZwCreateKey [0xF73880E0]
SSDT spdg.sys ZwEnumerateKey [0xF73A6CA2]
SSDT spdg.sys ZwEnumerateValueKey [0xF73A7030]
SSDT spdg.sys ZwOpenKey [0xF73880C0]
SSDT spdg.sys ZwQueryKey [0xF73A7108]
SSDT spdg.sys ZwQueryValueKey [0xF73A6F88]
SSDT spdg.sys ZwSetValueKey [0xF73A719A]
SSDT \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA99CCF20]

INT 0x62 ? 86567BF8
INT 0x63 ? 863B0F00
INT 0x82 ? 86567BF8
INT 0xA4 ? 863B0F00
INT 0xB1 ? 86569BF8
INT 0xB1 ? 86569BF8
INT 0xB4 ? 863B0F00

---- Kernel code sections - GMER 1.0.14 ----

? spdg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6B0A8AC 5 Bytes JMP 863B04E0
.text ajk1j5ws.SYS F6AA9386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text ajk1j5ws.SYS F6AA93AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ajk1j5ws.SYS F6AA93C4 3 Bytes [ 00, 80, 02 ]
.text ajk1j5ws.SYS F6AA93C9 1 Byte [ 2E ]
.text ajk1j5ws.SYS F6AA93CB 9 Bytes [ 00, 00, 5E, 02, 00, 00, 00, ... ]
.text ...
.text a18g074q.SYS F6A3B386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text a18g074q.SYS F6A3B3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a18g074q.SYS F6A3B3C4 3 Bytes [ 00, 70, 02 ]
.text a18g074q.SYS F6A3B3C9 1 Byte [ 2E ]
.text a18g074q.SYS F6A3B3CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ]
.text ...
? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\RTHDCPL.EXE[264] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\RTHDCPL.EXE[264] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\RTHDCPL.EXE[264] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[388] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\hkcmd.exe[388] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[388] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[392] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\SOUNDMAN.EXE[392] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SOUNDMAN.EXE[392] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[460] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\igfxtray.exe[460] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxtray.exe[460] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxext.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\igfxext.exe[644] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxext.exe[644] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\igfxext.exe[644] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxext.exe[644] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe[724] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\QuickTime\qttask.exe[1112] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\QuickTime\qttask.exe[1112] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\GREGGY~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1328] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[1500] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe[1512] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\EeePC\ACPI\AsEPCMon.exe[1520] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ASUS\AiGuru U1\AiGuru_U1usb.exe[1532] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[1548] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\notepad.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\notepad.exe[1840] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\notepad.exe[1840] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\notepad.exe[1840] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\notepad.exe[1840] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[1872] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] kernel32.dll!ExitProcess 7C81CAFA 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!StartDocW 77F45962 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!StartDocA 77F45E79 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxsrvc.exe[1880] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [ 0E, 5F ]
.text D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[1888] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe[1888] kernel32.dll!FreeLibrary + 15 7C80AC83 4 B

Edited by Maxim724X, 04 February 2009 - 10:18 PM.
