IE8 redirects and Firefox Crashes


  • This topic is locked
3 replies to this topic

#1 andocommanndo

  • Members
  • 2 posts

Posted 26 January 2011 - 01:33 PM

Help, I'm trying to fix my sister's computer and can't figure it out. While browsing, usually through Google, using good links, it will redirect me to sites like findstuff.com. Sometimes if I hit the back button and click the link again it will take me to the page. Sometimes the back button will only reload the findstuff.com page no matter how fast I keep clicking the back button. Also, when I try to load Firefox it crashes on program start. I tried starting Firefox in safe mode to turn off the automatic recovery (it seemed that might have been the cause of it crashing), but it will only get to about:config and then crash again.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:03 PM, on 1/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftp/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154710103345
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/games/GoBitGamesPlayer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://nationalgeographic.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://cns-services/webinstman/webinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10823 bytes




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5578

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2011 11:08:22 AM
mbam-log-2011-01-26 (11-08-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 236208
Time elapsed: 1 hour(s), 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ComboFix 11-01-25.01 - User 01/25/2011 23:01:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.372 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\360SE
c:\documents and settings\User\Application Data\360SE\360SE.ini
c:\documents and settings\User\Application Data\360SE\data\360sefav.db
c:\documents and settings\User\Application Data\360SE\data\DailyBackup\360sefav_2010_09_05.favdb
c:\documents and settings\User\Application Data\360SE\data\history.dat
c:\documents and settings\User\Application Data\360SE\data\ico\avc.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\cn.bing.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\cz.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\ddt.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\dgcs.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\dh.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\farm.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\g.kx365.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\hao.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\hero.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\mcsd.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\me.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\plsm.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\poker.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\se.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\search8.taobao.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\update.microsoft.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\windowsupdate.microsoft.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.baidu.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.bing.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.google.com.hk.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.qihoo.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.sogou.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.update.microsoft.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\www.youdao.com.ico
c:\documents and settings\User\Application Data\360SE\data\ico\wxfy.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\yahoo.cn.ico
c:\documents and settings\User\Application Data\360SE\data\ico\zqjl.wan.360.cn.ico
c:\documents and settings\User\Application Data\360SE\data\IECompat.dat
c:\documents and settings\User\Application Data\360SE\data\user.dat
c:\documents and settings\User\Application Data\360SE\dmfilter.dat
c:\documents and settings\User\Application Data\360SE\extensions\ExtAddons\ExtStats.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtAddons\ExtStats.ini.cfg
c:\documents and settings\User\Application Data\360SE\extensions\ExtAddons\ganzhi.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtAddons\recommend.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtAdfilter\extadfilter.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtChongzhi\stat.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtDoctor\doctor.dl_
c:\documents and settings\User\Application Data\360SE\extensions\ExtDoctor\doctor.dll
c:\documents and settings\User\Application Data\360SE\extensions\ExtDoctor\ExtDoctor.ini
c:\documents and settings\User\Application Data\360SE\extensions\ExtProxy\proxy.ini
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Favorites.ini
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_09_05.log
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_09_06.log
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_09_07.log
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_09_08.log
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_09_09.log
c:\documents and settings\User\Application Data\360SE\extensions\Favorites\Log\360log_2010_11_11.log
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\esimple.ini
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\SafeCentral.ini
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\SafeProtect.dat
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\sc.ini
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\urllib.dat
c:\documents and settings\User\Application Data\360SE\extensions\SafeCentral\urllibauth.dat
c:\documents and settings\User\Application Data\360SE\extensions\TranslatorPlugin\stat.ini
c:\documents and settings\User\Application Data\360SE\extensions\TranslatorPlugin\translate.ini
c:\documents and settings\User\Application Data\360SE\seup.ini
c:\documents and settings\User\Application Data\360SE\stat.ini
c:\documents and settings\User\Application Data\360SE\Update\extaddons.zip
c:\documents and settings\User\Application Data\360SE\Update\extadfilter.zip
c:\documents and settings\User\Application Data\360SE\Update\extdoctor.zip
c:\documents and settings\User\Application Data\360SE\Update\extproxy.zip
c:\documents and settings\User\Application Data\360SE\Update\safecentral.zip
c:\documents and settings\User\Application Data\360SE\Update\snapplugin.zip
c:\documents and settings\User\Application Data\360SE\Update\translatorplugin.zip
c:\documents and settings\User\Recent\Thumbs.db
c:\windows\Downloaded Program Files\webinst.dll
c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\etc\host_new

.
((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-21 22:10 . 2011-01-21 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-21 21:01 . 2010-11-06 00:26 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-21 21:01 . 2010-11-06 00:26 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-21 21:01 . 2010-11-06 00:26 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-21 21:01 . 2010-11-06 00:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-21 21:01 . 2010-11-06 00:26 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-21 21:01 . 2010-11-06 00:26 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-21 21:01 . 2010-11-06 00:26 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-14 04:40 . 2011-01-14 04:40 -------- d-----w- c:\program files\iPod
2011-01-14 04:30 . 2011-01-14 04:30 -------- d-----w- c:\program files\Bonjour
2011-01-14 02:56 . 2011-01-14 02:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-01-14 02:10 . 2008-04-14 10:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-01-14 02:10 . 2008-04-14 10:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-01-14 02:10 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-01-14 02:10 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-01-14 02:10 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-01-14 02:09 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-01-14 02:09 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-01-14 02:09 . 2008-04-14 03:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-01-14 02:09 . 2008-04-14 05:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-01-14 02:09 . 2008-04-14 03:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-01-14 02:09 . 2008-04-14 05:06 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-01-14 02:08 . 2008-04-14 03:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-01-14 02:08 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-01-14 02:08 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-01-14 02:08 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-01-14 02:08 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-01-14 02:08 . 2008-04-14 05:15 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-01-14 02:08 . 2008-04-14 03:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2011-01-14 02:08 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2011-01-14 02:08 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
2011-01-14 02:08 . 2008-04-14 03:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
2011-01-14 02:08 . 2008-04-14 03:04 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-01-14 02:08 . 2008-04-14 03:04 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-01-14 02:06 . 2001-08-17 18:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-01-14 02:06 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-01-14 02:06 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-01-14 02:06 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-01-14 02:06 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-01-14 02:06 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-01-14 02:06 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-01-14 02:06 . 2008-04-14 05:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-01-14 02:06 . 2008-04-14 05:15 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2011-01-14 02:06 . 2008-04-14 05:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-01-14 02:06 . 2008-04-14 03:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2011-01-14 02:06 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-01-14 02:06 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-01-14 02:05 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-01-14 02:05 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2011-01-14 02:05 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2011-01-14 02:05 . 2001-08-17 18:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2011-01-14 02:05 . 2001-08-18 03:36 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2011-01-14 02:05 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2011-01-14 02:05 . 2001-08-18 03:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-01-14 02:05 . 2001-08-18 03:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-01-14 02:05 . 2001-08-17 18:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-01-14 02:05 . 2001-08-17 18:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-01-14 02:05 . 2001-08-17 17:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-01-14 02:05 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-01-14 02:03 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-01-14 02:03 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-01-14 02:03 . 2008-04-14 05:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-01-14 02:03 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-01-14 02:03 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-01-14 02:03 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-01-14 02:03 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-01-14 02:03 . 2001-08-17 17:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-01-14 02:03 . 2001-08-17 19:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-01-14 02:03 . 2001-08-17 19:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-01-14 02:03 . 2001-08-17 19:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-01-14 02:03 . 2001-08-17 19:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-01-14 02:01 . 2001-08-18 03:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-01-14 02:01 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-01-14 02:01 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-01-14 02:01 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-01-14 02:01 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-01-14 02:01 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-01-14 02:01 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-01-14 02:01 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-01-14 02:01 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-01-14 02:01 . 2008-04-14 05:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-01-14 02:01 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-01-14 02:01 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-01-14 01:59 . 2001-08-17 19:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2011-01-14 01:59 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2011-01-14 01:59 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2011-01-14 01:59 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2011-01-14 01:59 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-01-14 01:59 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-01-14 01:59 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-01-14 01:59 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-01-14 01:59 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-01-14 01:59 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-01-14 01:59 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-01-14 01:59 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-01-14 01:59 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-01-14 01:57 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-01-14 01:56 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-01-14 01:56 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-01-14 01:56 . 2008-04-14 05:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-01-14 01:56 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-01-14 01:56 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-01-14 01:56 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-01-14 01:56 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-01-14 01:56 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-01-14 01:56 . 2001-08-17 18:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-01-14 01:56 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-01-14 01:54 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-01-14 01:53 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-01-14 01:52 . 2001-08-17 17:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-01-14 01:52 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-01-14 01:52 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-01-14 01:52 . 2010-04-27 13:05 2024448 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-14 01:52 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-01-14 01:52 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-01-14 01:52 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-01-14 01:52 . 2008-04-14 05:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-01-14 01:52 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-01-14 01:52 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-01-14 01:50 . 2001-08-17 18:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-01-14 01:50 . 2001-08-18 03:36 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-01-14 01:50 . 2001-08-17 18:49 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-01-14 01:50 . 2001-08-18 03:36 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-01-14 01:50 . 2001-08-17 18:50 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-01-14 01:50 . 2001-08-17 17:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-08-04 16:33 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-04-28 19:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2007-06-07 15:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52 . 2008-04-14 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-05 01:36 . 2010-09-03 01:36 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 12:25 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2009-12-02 22:57 . 2009-09-20 22:15 4274696 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2009-10-18 20:38 . 2009-10-18 20:37 9414136 ----a-w- c:\program files\picasa35-setup.exe
2008-11-11 03:02 . 2008-11-11 02:59 34130184 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2008-08-28 18:29 . 2008-08-28 18:29 4891216 ----a-w- c:\program files\Silverlight.2.0.exe
2007-04-06 20:38 . 2007-04-06 20:38 219648 ----a-w- c:\program files\Premiere.exe
1997-03-06 00:46 . 2008-08-05 02:43 68096 ----a-w- c:\program files\BN-FSTCR.PRM
1997-02-25 00:51 . 2008-08-05 02:43 49664 ----a-w- c:\program files\FL-RIPPL.PRM
1997-02-25 00:51 . 2008-08-05 02:43 8704 ----a-w- c:\program files\FL-INVRT.PRM
1997-02-25 00:51 . 2008-08-05 02:43 22016 ----a-w- c:\program files\FL-IMPAN.PRM
1996-02-14 02:49 . 2007-04-06 20:38 1040384 ----a-w- c:\program files\preminfo.dll
1996-02-07 22:21 . 2007-04-06 20:38 45056 ----a-w- c:\program files\PLUGIN.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-21 335872]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2006-8-4 25214]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-9-12 503869]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 07:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 19:01 88209 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 21:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-11-22 19:50 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 22:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-13 16:55 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7106:TCP"= 7106:TCP:Services
"7105:TCP"= 7105:TCP:Services
"5991:TCP"= 5991:TCP:Services
"5992:TCP"= 5992:TCP:Services

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/12/2011 5:00 PM 293968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/12/2011 5:00 PM 17744]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [8/4/2006 12:34 PM 26240]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/12/2011 5:44 PM 38224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 10:40 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 15:40]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 15:40]

2011-01-26 c:\windows\Tasks\User_Feed_Synchronization-{EC73939C-0DDF-48F9-9863-C09D0601A275}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = ftp://ftp/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://cns-services/webinstman/webinst.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ucovwl3c.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Prism - c:\program files\NCH Software\Prism\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-25 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?2?4?2??????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-01-25 23:12:23
ComboFix-quarantined-files.txt 2011-01-26 04:12

Pre-Run: 11,153,821,696 bytes free
Post-Run: 11,763,613,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EFE41F68B5D0761DC0DBF2F22205E10C



2011/01/26 13:57:49.0343 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/26 13:57:49.0343 ================================================================================
2011/01/26 13:57:49.0343 SystemInfo:
2011/01/26 13:57:49.0343
2011/01/26 13:57:49.0343 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/26 13:57:49.0343 Product type: Workstation
2011/01/26 13:57:49.0343 ComputerName: RISD-C1B26ADDE6
2011/01/26 13:57:49.0343 UserName: User
2011/01/26 13:57:49.0343 Windows directory: C:\WINDOWS
2011/01/26 13:57:49.0343 System windows directory: C:\WINDOWS
2011/01/26 13:57:49.0343 Processor architecture: Intel x86
2011/01/26 13:57:49.0343 Number of processors: 1
2011/01/26 13:57:49.0343 Page size: 0x1000
2011/01/26 13:57:49.0343 Boot type: Normal boot
2011/01/26 13:57:49.0343 ================================================================================
2011/01/26 13:57:49.0804 Initialize success
2011/01/26 13:58:02.0572 ================================================================================
2011/01/26 13:58:02.0572 Scan started
2011/01/26 13:58:02.0572 Mode: Manual;
2011/01/26 13:58:02.0572 ================================================================================
2011/01/26 13:58:04.0024 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/26 13:58:04.0355 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/26 13:58:04.0465 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/26 13:58:04.0675 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/01/26 13:58:04.0815 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/26 13:58:05.0006 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/26 13:58:05.0156 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/26 13:58:05.0386 AgereSoftModem (6a92b6b9eeb4cfa8d4e3322a6eb4a70f) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/01/26 13:58:05.0647 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/26 13:58:06.0157 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/26 13:58:06.0488 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/26 13:58:06.0598 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/26 13:58:06.0708 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/26 13:58:06.0838 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/26 13:58:07.0029 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/26 13:58:07.0169 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/26 13:58:07.0319 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/26 13:58:07.0820 ati2mtag (06ada8d1ae1cf24c2b9f7a3e6ebc899d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/26 13:58:07.0920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/26 13:58:08.0030 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/26 13:58:08.0160 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/26 13:58:08.0311 BTDriver (f9fe924da485a2b6b315dc823fbd4389) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/26 13:58:08.0491 BTKRNL (c3ad0378f7f892747e8964d7fc74258e) C:\WINDOWS\system32\drivers\btkrnl.sys
2011/01/26 13:58:08.0581 BTSERIAL (f197b8d096ce38ff0a42ee4d176c1f3f) C:\WINDOWS\system32\drivers\btserial.sys
2011/01/26 13:58:08.0691 BTSLBCSP (a843255c8118d2fe90cc5746357ca3e0) C:\WINDOWS\system32\drivers\btslbcsp.sys
2011/01/26 13:58:08.0811 BTWDNDIS (b6869a048ab107e660a28009d8e5e939) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/01/26 13:58:08.0911 BTWUSB (9dfd0a9a33bb252cac4823f0caff9b95) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/26 13:58:09.0262 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/26 13:58:09.0482 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/26 13:58:09.0833 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/26 13:58:10.0013 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/26 13:58:10.0203 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/26 13:58:10.0363 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/26 13:58:10.0604 cpqdfw (817bec5f328518290ac42821ec3922cb) C:\WINDOWS\system32\drivers\cpqdfw.sys
2011/01/26 13:58:10.0764 cqcpu (be43d9c71508cb4116cb56979d1ce820) C:\WINDOWS\system32\drivers\cqcpu.sys
2011/01/26 13:58:11.0095 cq_mem (cd6364f3acb9b2094ab60671806a5b9c) C:\WINDOWS\system32\drivers\cq_mem.sys
2011/01/26 13:58:11.0315 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/26 13:58:11.0475 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/26 13:58:11.0625 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/01/26 13:58:11.0755 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/26 13:58:11.0906 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/26 13:58:12.0046 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/01/26 13:58:12.0196 Dot4 HPH11 (a93ae4414505a8095ec4820c4312b5df) C:\WINDOWS\system32\DRIVERS\hphid411.sys
2011/01/26 13:58:12.0326 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/01/26 13:58:12.0446 Dot4Print HPH11 (4f8681519ea48757148895811f2aa051) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
2011/01/26 13:58:12.0707 Dot4Storage HPH11 (df0a7516e9f803c1c64796b81605495c) C:\WINDOWS\system32\Drivers\hphs2k11.sys
2011/01/26 13:58:12.0827 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/01/26 13:58:12.0947 Dot4Usb HPH11 (c6608b2afb2567f0fa6b4bd8837f1660) C:\WINDOWS\system32\drivers\hphius11.sys
2011/01/26 13:58:13.0157 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/26 13:58:13.0388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/26 13:58:13.0538 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/26 13:58:13.0628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/26 13:58:13.0708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/26 13:58:13.0858 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/26 13:58:13.0959 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/26 13:58:14.0049 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/26 13:58:14.0139 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/26 13:58:14.0299 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/26 13:58:14.0459 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/26 13:58:14.0700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/26 13:58:14.0980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/26 13:58:15.0080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/26 13:58:15.0341 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/26 13:58:15.0471 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/26 13:58:15.0631 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/26 13:58:15.0781 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/26 13:58:16.0032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/26 13:58:16.0382 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/26 13:58:16.0532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/26 13:58:16.0673 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/01/26 13:58:16.0753 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/26 13:58:16.0963 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/26 13:58:17.0083 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/26 13:58:17.0153 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/26 13:58:17.0253 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/26 13:58:17.0624 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/26 13:58:17.0864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/26 13:58:17.0994 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/26 13:58:18.0105 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/26 13:58:18.0245 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/26 13:58:18.0495 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/26 13:58:18.0675 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/26 13:58:18.0876 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/26 13:58:19.0026 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/26 13:58:19.0166 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/26 13:58:19.0296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/26 13:58:19.0416 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/26 13:58:19.0547 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/26 13:58:19.0717 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/26 13:58:19.0797 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/26 13:58:19.0917 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/26 13:58:19.0987 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/26 13:58:20.0107 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/26 13:58:20.0188 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/26 13:58:20.0288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/26 13:58:20.0498 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\WINDOWS\system32\DRIVERS\639563.sys
2011/01/26 13:58:20.0678 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/26 13:58:21.0039 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/26 13:58:21.0139 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/26 13:58:21.0249 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/26 13:58:21.0359 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/26 13:58:21.0459 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/26 13:58:21.0580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/26 13:58:21.0730 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/26 13:58:21.0830 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/26 13:58:21.0940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/26 13:58:22.0040 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/26 13:58:22.0210 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/26 13:58:22.0301 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/26 13:58:23.0032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/26 13:58:23.0122 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/26 13:58:23.0212 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/26 13:58:23.0643 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/01/26 13:58:24.0123 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/26 13:58:24.0283 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/01/26 13:58:24.0394 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/26 13:58:24.0504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/26 13:58:24.0584 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/26 13:58:24.0754 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/26 13:58:24.0834 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/26 13:58:24.0954 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/26 13:58:25.0065 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/26 13:58:25.0175 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/26 13:58:25.0395 RTL8023 (265e3427e74cf322126c83e12c7869ec) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
2011/01/26 13:58:25.0565 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/01/26 13:58:25.0876 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/26 13:58:26.0276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/26 13:58:26.0356 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/26 13:58:26.0477 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/26 13:58:26.0717 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/01/26 13:58:26.0887 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/26 13:58:27.0088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/26 13:58:27.0198 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/26 13:58:27.0388 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/26 13:58:27.0628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/26 13:58:27.0768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/26 13:58:28.0329 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/01/26 13:58:28.0469 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/26 13:58:28.0680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/26 13:58:28.0860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/26 13:58:28.0980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/26 13:58:29.0110 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/26 13:58:29.0471 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/26 13:58:29.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/26 13:58:30.0002 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/26 13:58:30.0172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/26 13:58:30.0282 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/26 13:58:30.0432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/26 13:58:30.0653 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/26 13:58:30.0813 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/26 13:58:30.0923 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/26 13:58:31.0023 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/26 13:58:31.0264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/26 13:58:31.0534 w22n51 (002bff1ddfa3300f827ae585a3dbc8b5) C:\WINDOWS\system32\DRIVERS\w22n51.sys
2011/01/26 13:58:31.0975 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/01/26 13:58:32.0195 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/26 13:58:32.0275 WBSD (b0892439d499fd39b02e772ede714027) C:\WINDOWS\system32\Drivers\WBSD.SYS
2011/01/26 13:58:32.0485 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/26 13:58:32.0706 ================================================================================
2011/01/26 13:58:32.0706 Scan finished
2011/01/26 13:58:32.0706 ================================================================================
2011/01/26 13:58:43.0391 Deinitialize success

Edited by andocommanndo, 26 January 2011 - 02:54 PM.


#2 andocommanndo

andocommanndo
  • Topic Starter

  • Members
  • 2 posts

Posted 26 January 2011 - 03:33 PM

also...


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80568FCA-->AA563728 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtClose, Type: Address change 0x805678CD-->AA56A7EA [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80570833-->AA56A6A2 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80595316-->AA56ACA8 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x80592D64-->AA56ABBE [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x805717C5-->AA56A276 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x805698F5-->AA5637D8 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80568D48-->AA56A77E [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x805719AC-->AA56A1B2 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x8058E5C4-->AA56A218 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x80571E96-->AA563870 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x8056A1F9-->AA56A8C2 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRenameKey, Type: Address change 0x8064EAEA-->AA56AD76 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x8064EFDD-->AA56A880 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x80572A6E-->AA56AA04 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x86FC6660 [4] System
0x85BE63A8 [132] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x86050C70 [172] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85BC2DA0 [352] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85FFC610 [528] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc., TouchPad Driver Helper Application)
0x85FFD020 [536] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc., Synaptics TouchPad Enhancements)
0x86E28448 [608] C:\Documents and Settings\User\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x85FFA610 [656] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard, hpgs2wnd)
0x86058020 [664] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x86005BB0 [676] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x86048408 [720] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (-, hpgs2wnf Module)
0x85FE2918 [728] C:\WINDOWS\AGRSMMSG.exe (Agere Systems, SoftModem Messaging Applet)
0x85FC6DA0 [796] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x85FF6BA8 [820] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc., GoogleToolbarNotifier)
0x86D94DA0 [884] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x85D1CC88 [924] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc., Bluetooth Support Server)
0x86CE17B8 [944] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86E3A8B0 [968] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85D1ADA0 [992] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86DA3AC8 [1016] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x86D5E9F8 [1028] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x86C44DA0 [1184] C:\WINDOWS\system32\ati2evxx.exe (-, -)
0x86C0CDA0 [1216] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C10DA0 [1264] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C19BC0 [1304] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85BB2DA0 [1384] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0x85B3AB28 [1400] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x86C0E9E0 [1404] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86C1ADA0 [1512] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86067DA0 [1888] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0x85BB12C0 [2164] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x85A0BB98 [2300] C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE (HP, PML Driver)
0x85A602E8 [2376] C:\Program Files\CyberLink\Shared Files\RichVideo.exe (-, RichVideo Module)
0x85D0A448 [2464] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x858F6020 [2584] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x859F0920 [2592] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc., SoundMAX service agent component)
0x85FD5B98 [2656] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85FAC5C0 [3132] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x85A06610 [3556] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x86D749D8 [3612] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x85C63628 [3952] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
==============================================
>Drivers
==============================================
0xF6539000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3284992 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7346000 btkrnl.sys 1245184 bytes (WIDCOMM, Inc., Bluetooth Protocol Driver for Windows 2000)
0xBF075000 C:\WINDOWS\System32\ati3duag.dll 1183744 bytes (ATI Technologies Inc. , ati3duag.dll)
0xF68A4000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 778240 bytes (ATI Technologies Inc., ATI Radeon Miniport Driver)
0xBF196000 C:\WINDOWS\System32\ativvaxx.dll 593920 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF6446000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF74BD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA5A1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 405504 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF630F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA6D4000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9767000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAA55A000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA93B6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA98D7000 C:\WINDOWS\system32\drivers\btslbcsp.sys 204800 bytes (WIDCOMM, Inc., Bluetooth Serial Driver for Windows 2000)
0xF636D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF761F000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF64F7000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xA99E2000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7490000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8FC8000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA611000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA684000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF75AB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAA65E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6422000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF686C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF64D4000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA132000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAA63C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF7573000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75D1000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF75F0000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF639D000 C:\WINDOWS\system32\DRIVERS\btwdndis.sys 118784 bytes (WIDCOMM, Inc., Bluetooth LAN Access Server Driver)
0xF7476000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF640A000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF7593000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA51A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAA17D000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF754A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF63F3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA2FC000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xA9BF5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6525000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6890000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAA72D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7561000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF760E000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF63BA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF685B000 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys 69632 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF77DE000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF69D2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF78AE000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF767E000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF78BE000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF779E000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF69B2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF69C2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9E42000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF773E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF768E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF77CE000 C:\WINDOWS\System32\Drivers\btwusb.sys 53248 bytes (WIDCOMM, Inc., Driver for Bluetooth USB Devices)
0xF76CE000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF78DE000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF69A2000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76AE000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6982000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76DE000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF77AE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF69F2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF769E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6992000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF776E000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF766E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF770E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF6962000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF69E2000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF76BE000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF789E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6972000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF778E000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9053000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF78CE000 C:\WINDOWS\system32\DRIVERS\smcirda.sys 36864 bytes (SMC, SMC IrCC NDIS 5.0 IrDA FIR Device Driver)
0xF777E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF79A6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7A0E000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF794E000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (WIDCOMM, Inc., Bluetooth BTPORT Driver for Windows 2000)
0xF78EE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7A26000 C:\WINDOWS\System32\Drivers\WBSD.SYS 28672 bytes (Winbond Electronics Corp., Winbond Secure Digital (SD/MMC) Storage Device Driver)
0xF79BE000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF79B6000 C:\WINDOWS\system32\drivers\btserial.sys 24576 bytes
0xF7A4E000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7A2E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7A3E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF799E000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF79FE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7986000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79AE000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7976000 C:\WINDOWS\system32\drivers\cpqdfw.sys 20480 bytes
0xF7996000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78F6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7936000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78FE000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7A66000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7946000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7A76000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79DE000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A86000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF731A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA9C0A000 C:\WINDOWS\system32\drivers\cqcpu.sys 16384 bytes (Microsoft Corporation, Description string for cqcpu driver)
0xF7B0E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA40E000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7B5A000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7A8A000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xAA476000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7A7E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A82000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF62EB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7B5E000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF730E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7B4A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7BC2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7C08000 C:\WINDOWS\system32\drivers\cq_mem.sys 8192 bytes (Microsoft Corporation, Description string for cq_mem driver)
0xF7B74000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7C00000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7BC0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B72000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7B6E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BC6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BCA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7BBC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BB6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B70000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C92000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7CC2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CBB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C37000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C36000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\User\Cookies\user@msn[2].txt
!-->[Hidden] C:\Documents and Settings\User\Cookies\user@scorecardresearch[1].txt
!-->[Hidden] C:\Documents and Settings\User\Cookies\user@www.eset[1].txt
!-->[Hidden] C:\Documents and Settings\User\Desktop\GooredFix Backups\tdsskiller\eula.txt
!-->[Hidden] C:\Documents and Settings\User\Desktop\GooredFix Backups\tdsskiller\TDSSKiller.exe
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\151191C5459349A3D3032E84A[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\4bb67ab275497a1497a97ea8e46fdc[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\4BE94CD29E71CEAF626C0B27DE87E[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\7980776cb684844c20339b839ac35e[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\8b0fe9bcd1399077fdc9374e5f314d[1].png
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\9C82EAE01868DD71784A2F8F8F111C[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\aae030aca59d4b1e167097964e5da_formcode[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\BING_websearch_2[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\E7C79967CA4DABC43AEC5BEF538DBF[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\EBF8442985F064646E736FAD6B4B86[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\F59F31ABDA35606EF683A432405545[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\FreeRefurb_300x120_122810[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\Sync[1].htm
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\D5GZ3DW7\wlanalytics[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\1x1_Image[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\37055364ab006eb95ebbd60846447a[1].css
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\62AD5103BF860D8A2C62ACB37A2BE[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\7538ADBEF03B575E565770A0AEB047[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\adchoices_gif[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\answer[1].aspx
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\AutoSuggest_min[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\c8d8548fff61b10f6f95b987c13eei_header_pop[1].css
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\CA40F2219E5D7AC0E5B371A9D62D88[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\E6AF27B2F7DDD6816A9FA14F614054[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\F3315B57408E99AC863FEFB9839524[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\FA90DF526D209BFFAD9A845676FA0[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\jquery-1.4.2.min[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\msn_com[1].htm
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JYR61EYW\wlHelper[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\0000000001_000000000000000017246[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\01[1].htm
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\26[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\457[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\614595fba50d96389708a4135776e4[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\617475cf39bf6f5c0bd6ecb985335c[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\C6EC4C40B6CA1092AFEFA7C527A4B5[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\EB75D45B8948F72EE451223E95A96[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\FC6A4AE118158C6E2CAEBFC4F94A26[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\Include[1].htm
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\p[2].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MJAUVRIM\wlHelper[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\1452335D3677585A1DE5FE36E8B7D[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\2861F4934558AB52B4D29E5E2E642[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\325131A25F52789A3869C4761FC17[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\37BA92E210D341BFDBF4126422A3D2[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\545[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\641[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\7DC76ADE086CF3F56D9AB5A04489[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\9798fea395258497f598bba500bf83[1].png
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\BING_web_search[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\dapbeta[1].js
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\E89C2E5747E63D437E92CEA940BC[1].jpg
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\primedns[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\qsonhs[1].aspx
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ZWFCHZJZ\trvwics[1].gif
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temp\~DFBAD2.tmp
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temp\~DFBAEA.tmp
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temp\~DFBC4C.tmp
!-->[Hidden] C:\Documents and Settings\User\Local Settings\Temp\~DFBC5F.tmp
!-->[Hidden] C:\System Volume Information\_restore{919235C4-021B-45CE-8618-349D61FBCAFF}\RP8\A0005432.lnk
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLETOOLBARMANAGER_4079369A-2DC43322.pf
!-->[Hidden] C:\WINDOWS\Temp\GoogleToolbarInstaller1.log
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B7C8, Type: Inline - RelativeJump 0x804E27C8-->804E2770 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B894, Type: Inline - RelativeJump 0x804E2894-->804E2841 [ntoskrnl.exe]
ntoskrnl.exe+0x0000B8DC, Type: Inline - RelativeJump 0x804E28DC-->804E291A [ntoskrnl.exe]
ntoskrnl.exe+0x0000B97C, Type: Inline - PushRet 0x804E297C-->C4AA56A8 [unknown_code_page]
ntoskrnl.exe+0x0000B9B8, Type: Inline - RelativeJump 0x804E29B8-->804E296B [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8057FE4C-->AA577832 [aswSP.SYS]
ntoskrnl.exe-->NtCreateSection, Type: Inline - RelativeJump 0x805652B3-->AA577656 [aswSP.SYS]
ntoskrnl.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x805A3B73-->AA577790 [aswSP.SYS]
ntoskrnl.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8056503A-->AA574C88 [aswSP.SYS]
ntoskrnl.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8059F8CA-->AA5731EE [aswSP.SYS]
[1016]services.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]
[1016]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1016]services.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1016]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
[1016]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1016]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1016]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1016]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1016]services.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1016]services.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1016]services.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1028]lsass.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1028]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1028]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1028]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1028]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1028]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1028]lsass.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1028]lsass.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1184]ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1216]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1216]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1216]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1216]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1216]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1216]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1216]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1216]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1236]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1236]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[1236]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[1236]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[1236]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1236]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1236]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[1236]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[1236]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[1236]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[1236]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[1236]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[1236]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[1236]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1236]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[1236]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[1236]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1236]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1236]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1236]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[1236]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[1236]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[1236]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[1236]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1236]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[1236]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[1236]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[1236]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1236]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1236]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[1236]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1236]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1236]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[1236]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[1236]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[1236]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1236]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[1264]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1264]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1264]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1264]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1264]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1264]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1264]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1264]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1264]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1304]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1304]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1304]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1304]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1304]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1304]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1304]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1304]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[132]spoolsv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[132]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[132]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[132]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[132]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[132]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[132]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[132]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1384]AppleMobileDeviceService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1400]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1404]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1404]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1404]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1404]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1404]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1404]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1404]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1404]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[1512]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[1512]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[1512]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[1512]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[1512]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[1512]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[1512]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[1512]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[172]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[172]explorer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[172]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[172]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[172]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[172]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[172]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[172]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[172]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[172]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[172]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[172]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[172]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[172]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[172]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[172]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1888]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[2164]jqs.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2164]jqs.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2164]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2164]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2164]jqs.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2164]jqs.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2164]jqs.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2164]jqs.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2164]jqs.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2300]HPZIPM12.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2376]RichVideo.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2464]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2464]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[2464]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[2464]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[2464]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2464]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2464]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[2464]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[2464]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[2464]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2464]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2464]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2464]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2464]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[2464]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[2464]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[2464]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2464]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2464]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2464]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[2464]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[2464]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[2464]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[2464]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2464]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[2464]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[2464]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[2464]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2464]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2464]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2464]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2464]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2464]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[2464]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[2464]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[2464]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[2464]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[2464]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[2464]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[2592]SMAgent.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2592]SMAgent.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[2656]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[2656]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[2656]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[2656]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[2656]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[2656]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[2656]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[2656]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[3132]iPodService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[3132]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[3132]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[3132]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[3132]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[3132]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[3132]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[3132]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[352]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[352]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[352]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[352]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[352]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[352]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[3556]alg.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[3556]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[3556]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[3556]alg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[3556]alg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[3556]alg.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[3556]alg.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[3556]alg.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[3612]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3612]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3612]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3612]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3612]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[3612]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3612]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3612]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3612]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3612]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3612]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3612]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3612]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3612]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3612]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3612]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3612]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[3612]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[3612]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3612]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3612]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3612]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3612]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3612]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3612]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3612]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3612]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3612]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[3612]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[3612]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3612]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[3612]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3612]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[3612]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[3612]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[3612]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3612]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3952]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[3952]ctfmon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[528]SynTPLpr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[536]SynTPEnh.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[656]hpgs2wnd.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[664]jusched.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[664]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[664]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[664]jusched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[664]jusched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[664]jusched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[664]jusched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[664]jusched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[720]hpgs2wnf.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[728]AGRSMMSG.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[796]iTunesHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[820]GoogleToolbarNotifier.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[924]btwdins.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[924]btwdins.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[924]btwdins.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[924]btwdins.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[924]btwdins.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[924]btwdins.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[924]btwdins.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[924]btwdins.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[968]winlogon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[968]winlogon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[968]winlogon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x77E37101-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x77E37189-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x77E36E69-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x77E37001-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E37211-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x77E36D81-->00000000 [snxhk.dll]
[992]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[992]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91738B-->00000000 [snxhk.dll]
[992]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x7E431211-->00000000 [snxhk.dll]
[992]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[992]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x7E4317F7-->00000000 [snxhk.dll]
[992]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [snxhk.dll]
[992]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7E4318AC-->00000000 [snxhk.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

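Added example (editor's note, not part of any post above): the listing shows every entry attributed to the same hooking module, snxhk.dll, which belongs to Avast (AvastSvc.exe is in the process list at the top of the thread), so a triage pass should separate hooks from an expected security product from anything else before treating "possible rootkit activity" as a finding. The script below parses lines in the exact format posted, groups them by hooking module and flags entries whose hooker is not on an allowlist; the allowlist contents and the sample's last entry (winlogon.exe hooked by unknown.dll) are constructed assumptions, not data from the page.

```python
"""Triage a user-mode inline-hook listing in the format posted above.

Each entry has the shape
  [PID]process.exe-->module.dll-->Function, Type: Inline - RelativeJump 0xSRC-->DST [hooker.dll]
Added example; it is not output of, or code from, the tool that produced the listing.
"""
import re
from collections import Counter
from typing import Iterable, Optional

HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<module>.+?)-->(?P<func>\w+),"
    r" Type: (?P<kind>.+?) (?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+)"
    r" \[(?P<hooker>[^\]]+)\]$"
)

# Assumption: hooking modules expected on this machine. snxhk.dll belongs to
# Avast, whose service (AvastSvc.exe) is in the process list at the top of the
# thread. Fill this in from the security products actually installed.
TRUSTED_HOOKERS = frozenset({"snxhk.dll"})

# Processes in which a hook from an unexpected module deserves first attention.
SENSITIVE_PROCESSES = frozenset({"winlogon.exe", "svchost.exe", "services.exe", "lsass.exe"})


def parse_hook_line(line: str) -> Optional[dict]:
    """Parse one entry; return None for blank lines and the tool's banner lines."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"])
    entry["src"] = int(entry["src"], 16)
    entry["dst"] = int(entry["dst"], 16)
    return entry


def triage(lines: Iterable[str], trusted=TRUSTED_HOOKERS) -> dict:
    """Group entries by hooking module and single out hooks from modules not on the allowlist."""
    entries = [e for e in map(parse_hook_line, lines) if e is not None]
    untrusted = [e for e in entries if e["hooker"].lower() not in trusted]
    return {
        "total": len(entries),
        "by_hooker": Counter(e["hooker"].lower() for e in entries),
        "by_process": Counter(e["proc"].lower() for e in entries),
        "apis": sorted({f'{e["module"]}!{e["func"]}' for e in entries}),
        "untrusted": untrusted,
        "sensitive_untrusted": [e for e in untrusted if e["proc"].lower() in SENSITIVE_PROCESSES],
    }


def report(result: dict, trusted=TRUSTED_HOOKERS) -> str:
    """Render the triage result as the short summary you would paste into a reply."""
    out = [f"{result['total']} hooks from {len(result['by_hooker'])} module(s)"]
    for hooker, n in result["by_hooker"].most_common():
        tag = "trusted" if hooker in trusted else "UNTRUSTED"
        out.append(f"  {hooker}: {n} hook(s) [{tag}]")
    for e in result["untrusted"]:
        out.append(f"  !! [{e['pid']}]{e['proc']} {e['module']}!{e['func']} hooked by {e['hooker']}")
    return "\n".join(out)


# Constructed sample: four entries copied from the listing above plus ONE made-up
# entry (winlogon.exe hooked by unknown.dll) that is NOT on the page, included
# only so the untrusted path is exercised.
SAMPLE_LOG = """\
[664]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E373A9-->00000000 [snxhk.dll]
[664]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [snxhk.dll]
[968]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [snxhk.dll]
[992]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x77E374B1-->00000000 [snxhk.dll]
[968]winlogon.exe-->ntdll.dll-->NtQueryDirectoryFile, Type: Inline - RelativeJump 0x7C90D750-->00000000 [unknown.dll]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
""".splitlines()

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it against the full listing saved to a file (`triage(open("hooks.txt"))`) rather than the sample. The point of the allowlist is that a security product hooking LdrLoadDll, CreateService* and SetWindowsHookEx* in every process is its self-protection at work; the same hooks from a module you cannot account for, especially in winlogon.exe or svchost.exe, are what the tool's banner is really warning about, and the next step there is to locate that module on disk and get it identified.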
#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:08 AM

Posted 28 January 2011 - 08:38 PM

Hi

Please do the following:

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.


**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

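Added example (editor's note, not part of CatByte's post and not code from the helpasst or mbr tools it names): the procedure above rewrites the MBR and then reads it back, and the Dell caveat exists because an OEM MBR carries non-standard boot code. The script below checks a raw 512-byte sector for the things an MBR bootkit changes: the 0x55AA signature, partition-table sanity, and, most usefully, whether the boot-code region still matches a SHA-256 baseline taken from a known-clean disk of the same build. The sample sectors are constructed; the "clean" boot code is placeholder bytes, not real MBR code.

```python
"""Sanity-check a 512-byte MBR sector for the things an MBR bootkit touches.

Added example; it is not code from, or a description of, the helpasst or mbr
tools named above. Layout used: boot code at bytes 0..445, four 16-byte
partition entries at 446..509, and the 0x55 0xAA signature at 510..511.
"""
import hashlib
import struct
from typing import List, Optional, Sequence, Tuple

SECTOR = 512
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors


def parse_partitions(mbr: bytes) -> List[dict]:
    """Decode the four partition-table entries."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        parts.append({"status": status, "type": ptype, "lba": lba, "sectors": count})
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only, so partition edits do not disturb the baseline."""
    return hashlib.sha256(mbr[:PART_TABLE_OFF]).hexdigest()


def check_mbr(mbr: bytes, known_good_hash: Optional[str] = None) -> List[str]:
    """Return findings in the order found; an empty list means nothing looked wrong."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR}-byte sector, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid status byte 0x{p['status']:02x}")
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active != 1:
        findings.append(f"{active} active partition(s), expected 1")
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in parts)
    for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
        if b_start < a_end:
            findings.append(f"partition overlap at LBA {b_start}")
    # A bootkit replaces the boot code and usually leaves the partition table alone,
    # so the code region is compared against a baseline taken from a clean disk.
    if known_good_hash is not None and boot_code_hash(mbr) != known_good_hash:
        findings.append("boot code differs from known-good baseline")
    return findings


def build_mbr(boot_code: bytes, partitions: Sequence[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from boot code and (status, type, lba, sectors) tuples."""
    table = b"".join(struct.pack(PART_ENTRY_FMT, *p) for p in partitions)
    table += b"\x00" * (PART_ENTRY_LEN * (4 - len(partitions)))
    return boot_code[:PART_TABLE_OFF].ljust(PART_TABLE_OFF, b"\x00") + table + BOOT_SIG


# Constructed samples. The "clean" boot code is placeholder bytes standing in for
# real MBR code; the "infected" one has its first bytes overwritten, as a bootkit would.
ONE_NTFS_PARTITION = [(0x80, 0x07, 63, 41943040)]
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40, ONE_NTFS_PARTITION)
INFECTED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 45, ONE_NTFS_PARTITION)

if __name__ == "__main__":
    baseline = boot_code_hash(CLEAN_MBR)
    print("clean   :", check_mbr(CLEAN_MBR, baseline) or "no findings")
    print("infected:", check_mbr(INFECTED_MBR, baseline))
```

On Windows the live sector is `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as administrator; take the baseline hash from the same machine before infection or from the OEM image, since a Dell MBR with the restore hook legitimately differs from a generic Microsoft one and would otherwise trip the comparison. Two caveats: an active bootkit can filter reads of sector 0 from inside the infected OS, so a reading taken from boot media is the one to trust, and a matching hash only says the MBR code is unchanged, not that the rest of the system is clean.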

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:08 AM

Posted 05 February 2011 - 10:01 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
