I'm infected with malware.


  • This topic is locked
18 replies to this topic

#1 van1313van

Posted 04 February 2011 - 09:28 AM

Hello guys, I'm Van.
I tried to connect to a network using Hamachi and I got infected with a virus.
Here's my DDS log. Thanks!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Van at 2:19:05.84 on Sat 01/01/2005
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.66 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Van\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
uDefault_Search_URL = hxxp://google.com
mSearch Page = ${URL_SEARCHPAGE}
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {F2257711-226B-4529-8E1D-E82E1C55EBD8} - No File
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [sysinfo] c:\windows\system32\rundll32.exe c:\docume~1\van\locals~1\temp\1888752816Wsy.dll,Sets
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [EPSON Stylus C45 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C45"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
dRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: DisableCAD = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: WB - c:\program files\alienguise\fastload.dll
mASetup: {JAXH5P2A-A873-A055-J1HO-EU345RK8J1SN} - c:\windows\system32\install\svchost.exe Restart

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\van\applic~1\mozilla\firefox\profiles\g322255l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - component: c:\documents and settings\van\application data\mozilla\firefox\profiles\g322255l.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\van\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - %profile%\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Ext: ANTHEM: {07b2a769-ed19-4483-87ce-c643914c9626} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
FF - Ext: Aeon: {ded0fc70-7215-4802-afeb-b2982d3e7225} - %profile%\extensions\{ded0fc70-7215-4802-afeb-b2982d3e7225}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2005-1-1 294608]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-19 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2005-1-1 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2005-1-1 40384]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-29 12672]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
S2 gupdate1ca634762019d82;Google Update Service (gupdate1ca634762019d82);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 133104]
S3 ALIENZDRVR;ALIENZDRVR;\??\c:\documents and settings\van\my documents\downloads\pangya\radical engin server\alienz32.sys --> c:\documents and settings\van\my documents\downloads\pangya\radical engin server\Alienz32.sys [?]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\van\locals~1\temp\PUE4.tmp [2005-1-1 25616]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2005-1-1 34688]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SoRa_DRIVER53;SoRa_DRIVER53;\??\d:\haha\sora 4.6\sora_.sys --> d:\haha\sora 4.6\SoRa_.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== File Associations ===============

inifile=c:\windows\system32\NOTEPAD2.EXE %1
txtfile=c:\windows\system32\NOTEPAD2.EXE %1

=============== Created Last 30 ================

2010-08-16 23:28:20 614477 ----a-w- c:\windows\system32\vorbis.acm
2010-06-18 10:47:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-06-08 03:10:12 -------- d-----w- c:\program files\Business Objects
2010-06-08 03:03:58 -------- d-----w- c:\program files\Microsoft Device Emulator
2010-06-08 03:00:45 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2010-06-08 02:57:33 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-08 02:57:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-08 02:49:45 18368 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2010-06-08 02:49:31 2060160 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\9.0\1033\ResourceCache.dll
2010-06-08 02:40:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2010-06-08 02:22:39 -------- d-----w- c:\program files\HTML Help Workshop
2010-06-08 02:22:39 -------- d-----w- c:\program files\common files\Merge Modules
2010-06-08 02:22:38 -------- d-----w- c:\program files\CE Remote Tools
2010-06-08 02:20:00 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2010-06-08 02:17:22 97296 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1036.dll
2010-06-08 02:17:22 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.3082.dll
2010-06-08 02:17:22 96272 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1031.dll
2010-06-08 02:17:22 95248 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1040.dll
2010-06-08 02:17:22 91152 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1033.dll
2010-06-08 02:17:22 81424 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1041.dll
2010-06-08 02:17:22 79888 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1042.dll
2010-06-08 02:17:22 76304 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.1028.dll
2010-06-08 02:17:22 75792 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.res.2052.dll
2010-06-08 02:17:22 562688 ----a-w- c:\program files\common files\microsoft shared\help 9\microsoft document explorer 2008\install.exe
2010-06-05 10:49:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-05 10:49:19 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-06-05 10:49:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 06:29:35 -------- d-----w- c:\program files\iPod
2010-06-05 06:29:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-06-05 06:19:20 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-06-05 06:11:07 -------- d-----w- C:\ELogbook
2010-06-05 06:00:38 -------- d-----w- c:\docume~1\van\locals~1\applic~1\OpenCandy
2010-06-05 06:00:16 -------- d-----w- c:\docume~1\van\applic~1\OpenCandy
2010-04-05 11:55:34 165376 ----a-w- c:\windows\system32\unrar.dll
2010-04-05 11:55:30 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-04-05 11:55:29 39936 ----a-w- c:\windows\system32\huffyuv.dll
2010-04-05 11:55:29 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-04-05 11:55:28 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-05 11:55:28 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-04-05 11:55:27 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-05 11:55:21 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-05 11:37:53 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Conduit
2010-04-05 11:37:52 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Feboz
2010-03-24 02:22:54 -------- d-----w- c:\windows\.jagex_cache_32
2010-03-13 07:09:20 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-03-13 07:09:20 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-03-13 07:09:20 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-03-13 07:09:20 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-03-13 07:06:43 -------- d-----w- c:\program files\HP
2010-02-26 00:02:21 -------- d-----w- c:\program files\Conduit
2010-02-26 00:02:19 -------- d-----w- c:\program files\Feboz
2010-02-24 04:06:02 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2010-02-21 18:30:22 -------- d-----w- c:\program files\LimeWire
2010-02-21 18:16:36 1298432 ------w- c:\windows\UNNMP.exe
2010-02-21 18:14:54 106496 ----a-r- c:\windows\system32\TwnLib20.dll
2010-02-21 18:14:43 155648 ----a-r- c:\windows\system32\NeroCheck.exe
2010-02-21 18:13:41 2306048 ------w- c:\windows\UNNeroVision.exe
2010-02-21 18:13:05 544768 ------w- c:\windows\system32\imagx5.dll
2010-02-21 18:13:05 38912 ------w- c:\windows\system32\picn20.dll
2010-02-21 18:13:04 569344 ------w- c:\windows\system32\imagr5.dll
2010-02-21 18:13:03 283920 ------w- c:\windows\system32\ImagXpr5.dll
2010-01-31 09:22:09 53248 ----a-r- c:\windows\system32\VTTimer.exe
2010-01-31 09:22:09 40960 ----a-r- c:\windows\system32\VModes.exe
2010-01-31 09:22:09 147456 ----a-r- c:\windows\system32\VTTrayp.exe
2010-01-31 09:22:08 397312 ----a-r- c:\windows\system32\VTovrlay.dll
2010-01-31 09:22:08 262144 ----a-r- c:\windows\system32\VTInfo2.dll
2010-01-31 09:22:07 495616 ----a-r- c:\windows\system32\VTDisply.dll
2010-01-31 09:22:07 360448 ----a-r- c:\windows\system32\VTGamma2.dll
2010-01-31 09:22:02 1875968 ----a-r- c:\windows\system32\vticd.dll
2010-01-31 09:22:00 3488000 ----a-r- c:\windows\system32\vtdisp.dll
2010-01-31 09:22:00 227456 ----a-r- c:\windows\system32\drivers\vtmini.sys
2010-01-29 14:19:52 77312 ----a-w- C:\mbr.exe
2010-01-23 01:04:26 -------- d-----w- c:\documents and settings\van\DoctorWeb
2010-01-22 15:16:03 1279968 ----a-w- c:\windows\system32\asw4B.tmp
2010-01-22 12:50:01 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Stardock
2010-01-21 21:41:23 77312 ----a-w- c:\windows\MBR.exe
2010-01-21 21:41:22 98816 ----a-w- c:\windows\sed.exe
2010-01-21 21:41:22 261632 ----a-w- c:\windows\PEV.exe
2010-01-21 21:41:22 161792 ----a-w- c:\windows\SWREG.exe
2010-01-21 01:27:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-19 18:28:59 105 ----a-w- c:\docume~1\van\applic~1\netstat.bat
2010-01-19 14:56:48 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2010-01-18 23:37:03 -------- d-----w- c:\docume~1\van\applic~1\FreeFixer
2010-01-18 23:37:01 -------- d-----w- c:\docume~1\van\locals~1\applic~1\FreeFixer
2010-01-18 23:32:45 -------- d-----w- c:\program files\FreeFixer
2010-01-18 12:36:23 -------- d-----w- c:\docume~1\van\locals~1\applic~1\AVG Security Toolbar
2010-01-18 10:13:49 -------- d-----w- C:\$AVG
2010-01-10 10:37:46 -------- d-----w- c:\docume~1\van\applic~1\MiKTeX
2010-01-10 10:35:15 -------- d-----w- c:\docume~1\van\locals~1\applic~1\MiKTeX
2010-01-09 11:56:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\MiKTeX
2010-01-09 11:53:14 -------- d-----w- c:\program files\MiKTeX 2.8
2009-12-19 09:36:55 299008 ----a-w- c:\windows\uninst.exe
2009-12-09 12:28:00 140800 ----a-w- c:\windows\system32\tm20dec.ax
2009-12-09 12:27:49 -------- d-----w- c:\documents and settings\van\WINDOWS
2009-12-02 06:57:25 -------- d-----w- c:\program files\Veoh Networks
2009-12-02 03:23:33 -------- d-----w- c:\docume~1\van\applic~1\fofix
2009-12-01 11:45:18 -------- d-----w- c:\docume~1\van\applic~1\fretsonfire
2009-11-29 11:15:16 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Macromedia
2009-11-29 11:05:36 -------- d-----w- c:\program files\Macromedia
2009-11-29 11:05:36 -------- d-----w- c:\program files\common files\Macromedia
2009-11-29 11:04:40 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2009-11-29 11:04:39 266240 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2009-11-29 11:04:38 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2009-11-29 11:04:32 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2009-11-29 11:04:29 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2009-11-29 11:04:26 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2009-11-29 11:04:25 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2009-11-27 12:11:03 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Deployment
2009-11-17 12:41:15 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Temp
2009-11-15 00:46:53 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-14 11:18:44 -------- d-----w- c:\windows\NV38203612.TMP
2009-11-14 11:08:42 -------- d-----w- c:\windows\NV9883288.TMP
2009-11-13 15:16:44 -------- d-----w- c:\docume~1\van\applic~1\Electronic Arts
2009-11-13 06:36:59 -------- d-----w- c:\program files\DirectVobSub
2009-11-12 03:21:56 -------- d-----w- c:\program files\common files\DivX Shared
2009-11-12 03:21:53 -------- d-----w- c:\program files\DivX
2009-11-11 00:56:57 90112 ----a-w- c:\windows\unvise32.exe
2009-11-11 00:49:33 -------- d-----w- C:\NVIDIA
2009-11-11 00:14:11 -------- d-----w- c:\windows\nview
2009-11-11 00:14:10 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-11-11 00:13:45 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-11 00:13:41 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2009-11-11 00:13:41 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2009-11-11 00:13:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2009-11-11 00:13:41 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2009-11-11 00:13:41 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2009-11-11 00:13:35 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2009-11-11 00:13:34 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2009-11-11 00:11:20 16176 ------w- c:\windows\system32\drivers\NVXBAR.SYS
2009-11-11 00:11:17 29696 ------w- c:\windows\system32\FILTER.AX
2009-11-11 00:11:17 141246 ------w- c:\windows\system32\drivers\NVCAP.SYS
2009-11-10 06:42:01 217088 ----a-w- c:\windows\system32\libmySQL.dll
2009-11-10 06:42:01 102400 ----a-w- c:\windows\system32\TrackerNET.dll
2009-11-04 00:11:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2009-11-04 00:11:19 -------- d-----w- c:\docume~1\van\applic~1\Azureus
2009-11-04 00:10:58 -------- d-----w- c:\program files\Vuze
2009-11-02 05:30:16 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-02 05:29:57 -------- d-----w- c:\program files\MSXML 4.0
2009-10-24 12:41:39 -------- d-----w- c:\program files\PowerISO
2009-10-23 01:48:10 -------- d-----w- c:\docume~1\van\locals~1\applic~1\CAPCOM
2009-10-23 01:46:59 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-10-23 01:46:58 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-23 01:46:58 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-10-23 01:46:58 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-10-23 01:46:57 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-10-23 01:46:57 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-10-23 01:46:55 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-23 01:31:01 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-18 11:22:44 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Yahoo!
2009-10-15 13:36:25 -------- d-----w- c:\windows\system32\appmgmt
2009-10-15 12:33:34 -------- d-----w- c:\documents and settings\van\My VBB Projects
2009-10-15 12:33:34 -------- d-----w- c:\documents and settings\van\My Robodidactics Projects
2009-10-15 12:33:34 -------- d-----w- c:\documents and settings\van\My JavaCAM Projects
2009-10-15 12:32:04 -------- d-----w- C:\VBB3
2009-10-03 02:42:51 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-10-03 02:42:51 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-10-01 04:26:05 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Dota_Fighters
2009-10-01 04:26:05 -------- d-----w- c:\docume~1\van\applic~1\Dota_Fighters
2009-09-30 00:52:12 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-29 15:34:23 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-09-29 15:34:22 -------- d-----w- c:\program files\CPUID
2009-09-28 05:47:47 115016 ----a-r- c:\windows\system32\MSINET.OCX
2009-09-28 05:47:39 69632 ----a-r- c:\windows\system32\xmltok.dll
2009-09-28 05:47:39 36864 ----a-r- c:\windows\system32\xmlparse.dll
2009-09-28 05:47:39 35840 ----a-r- c:\windows\system32\comdlg32.oca
2009-09-28 05:47:39 140488 ----a-r- c:\windows\system32\comdlg32.ocx
2009-09-28 05:47:38 26096 ----a-r- c:\windows\system32\xmlinst.exe
2009-09-28 05:47:38 24576 ----a-r- c:\windows\system32\msxml3a.dll
2009-09-28 05:47:37 89360 ----a-r- c:\windows\system32\VB5DB.DLL
2009-09-28 05:47:37 29184 ----a-r- c:\windows\system32\MSINET.oca
2009-09-25 16:41:34 98304 ----a-w- c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
2009-09-25 11:50:11 -------- d-----w- C:\Downloads
2009-09-23 05:01:53 -------- d-----w- c:\program files\Software Informer
2009-09-23 05:01:53 -------- d-----w- c:\docume~1\van\applic~1\Software Informer
2009-09-23 05:01:46 -------- d-----w- c:\docume~1\van\applic~1\Free Download Manager
2009-09-23 05:01:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2009-09-23 05:01:36 -------- d-----w- c:\program files\Free Download Manager
2009-09-20 11:12:34 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2009-09-20 11:12:34 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2009-09-20 11:12:34 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2009-09-20 11:12:34 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2009-09-20 11:12:12 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2009-09-20 11:12:10 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2009-09-19 00:59:09 -------- d-----w- c:\docume~1\van\applic~1\BitTorrent
2009-09-19 00:58:52 -------- d-----w- c:\program files\BitTorrent
2009-09-18 00:25:20 -------- d-----w- c:\windows\system32\Adobe
2009-09-13 15:29:43 4096 ----a-w- c:\windows\system32\detoured.dll
2009-09-12 05:16:57 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-09-12 05:16:57 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-09-12 05:16:54 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-09-12 05:16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-09-12 05:16:47 -------- d-----w- c:\windows\Logs
2009-09-04 20:43:41 45328 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\mstran40.exe
2009-09-04 20:43:41 37136 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\mstrai40.exe
2009-09-04 20:43:40 74000 ----a-w- c:\program files\common files\microsoft shared\replication manager 4.0\msrpfs40.dll
2009-09-04 17:54:48 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-09-04 17:54:48 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-08-31 02:07:51 -------- d-----w- c:\program files\Audacity
2009-08-29 18:12:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-08-29 18:12:11 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-08-29 18:12:10 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-29 18:12:10 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-08-29 18:12:10 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2009-08-29 18:12:10 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-21 15:05:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2009-08-01 23:58:31 -------- d-----w- c:\windows\system32\Events
2009-07-31 03:00:18 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Help
2009-07-28 04:47:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-07-28 04:42:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-28 04:42:15 -------- d-----w- c:\docume~1\van\applic~1\DAEMON Tools Pro
2009-07-27 02:43:18 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-07-16 05:57:17 -------- d-----w- c:\docume~1\van\applic~1\Sunbelt
2009-07-16 05:57:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-07-16 05:57:08 -------- d-----w- c:\program files\Sunbelt Software
2009-07-16 05:44:00 -------- d-----w- c:\program files\Trend Micro
2009-07-15 05:00:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-07-15 05:00:16 -------- d-----w- c:\program files\Security Task Manager
2009-07-12 04:11:20 670016 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2009-07-11 22:01:53 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-11 22:00:55 193824 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vbexpress\9.0\1033\ResourceCache.dll
2009-07-11 21:59:29 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2009-07-11 21:53:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-11 21:53:10 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-07-11 21:52:51 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-11 21:52:51 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-11 21:52:51 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-07-11 21:52:51 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-11 21:52:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-11 21:52:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-11 21:52:47 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-11 21:52:47 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-11 21:52:43 -------- d-----w- C:\1a6b86c497266736251b92
2009-07-11 21:48:12 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-11 13:37:20 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2009-06-26 14:46:22 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-26 14:46:19 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-26 14:46:18 16384 ----a-w- c:\windows\system32\ipsink.ax
2009-06-26 14:46:18 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-26 14:46:17 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-26 14:46:14 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-26 14:46:12 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-26 14:46:10 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-26 14:45:59 90624 ----a-w- c:\windows\system32\kswdmcap.ax
2009-06-26 14:45:59 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-06-26 14:45:59 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-06-26 14:45:59 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-06-26 14:45:58 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-26 14:41:54 94208 ----a-w- c:\windows\amcap.exe
2009-06-26 14:37:51 -------- d-----w- c:\program files\PC Camera
2009-06-26 14:37:51 -------- d-----w- c:\program files\common files\PCCamera
2009-06-26 04:06:34 -------- d-----r- c:\program files\Skype
2009-06-24 14:39:26 1003520 ----a-w- c:\windows\system32\VSFilter.dll
2009-06-14 01:01:56 -------- d-----w- c:\program files\bfgclient
2009-06-14 00:42:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-05-30 21:38:00 -------- d-----w- c:\program files\common files\Macrovision Shared
2009-05-29 19:33:10 -------- d-----w- c:\program files\Data Design Interactive
2009-05-28 23:00:00 -------- d-----w- c:\program files\Microsoft Games
2009-05-28 22:44:39 -------- d-----w- c:\docume~1\van\applic~1\Activision
2009-05-28 21:54:16 -------- d-sh--w- c:\windows\ftpcache
2009-05-25 17:31:04 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-25 17:30:20 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Microsoft Help
2009-05-25 17:11:11 -------- d-----w- c:\program files\Zuma Deluxe
2009-05-21 00:59:33 -------- d-----w- c:\program files\Elaborate Bytes
2009-05-19 02:53:37 -------- d-s---w- c:\documents and settings\van\UserData
2009-05-09 02:02:18 -------- d-----w- c:\program files\Koloroo
2009-04-30 01:24:26 -------- d-----w- c:\docume~1\van\applic~1\CopyTransControlCenter
2009-04-30 01:24:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\CopyTransControlCenter
2009-04-19 11:36:50 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Yahoo
2009-04-19 05:17:59 -------- d-----w- c:\program files\Persona
2009-04-18 18:08:23 -------- d-----w- c:\program files\Calc98
2009-04-17 02:00:50 -------- d-----w- c:\program files\common files\DirectX
2009-04-11 18:21:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-04-09 22:52:40 -------- d--h--w- c:\windows\PIF
2009-04-08 21:12:41 73728 ----a-w- c:\windows\system32\Nakedd3d hook.dll
2009-04-08 19:52:32 3473644 ----a-w- c:\windows\system32\GameMon.des
2009-04-08 19:50:23 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2009-04-08 19:50:23 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-04-08 19:48:55 -------- d-----w- c:\program files\common files\INCA Shared
2009-04-08 19:14:13 -------- d-----w- c:\program files\MYGAME
2009-04-08 19:14:10 -------- d-----w- c:\program files\MYGAME Launcher
2009-04-01 17:20:35 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Identities
2009-03-31 16:36:56 -------- d-----w- c:\program files\Level Up
2009-03-30 23:31:53 -------- d-----w- c:\docume~1\van\applic~1\FrostWire
2009-03-30 06:24:34 -------- d-----w- c:\docume~1\van\locals~1\applic~1\Adobe
2009-03-25 07:49:20 -------- d-----w- c:\windows\pss
2009-03-22 04:06:04 2297552 ----a-w- c:\windows\system\d3dx9_26.dll
2009-03-22 03:53:25 -------- d-----w- c:\program files\common files\EasyInfo
2009-03-20 02:26:55 -------- d-----w- c:\program files\Cheat Engine

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2009-12-09 02:33:14 6144 ----a-w- c:\windows\system32\fingercap.dll
2009-12-09 02:33:14 43520 ----a-w- c:\windows\system32\libusb0.dll
2009-12-09 02:33:14 43008 ----a-w- c:\windows\system32\libusb0_x64.dll
2009-09-04 09:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 09:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 09:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 09:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 09:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 09:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 09:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 09:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-03-19 11:05:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2009-03-19 11:04:48 107132 ----a-w- c:\windows\UninstallThunderbird.exe
2009-03-16 06:18:32 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-03-16 06:18:32 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-03-16 06:18:32 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 07:27:22 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-03-09 07:27:22 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-03-09 07:27:22 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2008-12-19 16:26:06 2625536 ----a-w- c:\windows\system32\ffdshow.ax
2008-12-19 15:15:58 4338246 ----a-w- c:\windows\system32\libavcodec.dll
2008-12-17 17:41:18 884237 ----a-w- c:\windows\system32\ff_x264.dll
2008-12-17 17:22:58 93184 ----a-w- c:\windows\system32\ff_wmv9.dll
2008-12-17 17:22:48 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2008-12-17 17:17:34 239247 ----a-w- c:\windows\system32\ff_theora.dll
2008-12-17 16:59:54 560802 ----a-w- c:\windows\system32\libmplayer.dll
2008-12-12 03:18:16 87336 ----a-w- c:\windows\system32\dns-sd.exe
2008-12-12 03:11:46 61440 ----a-w- c:\windows\system32\dnssd.dll
2008-10-27 02:04:18 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2008-10-27 02:04:16 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2008-10-27 02:04:16 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 02:04:14 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2008-07-31 02:41:54 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2008-07-31 02:41:52 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2008-07-31 02:40:32 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2008-07-31 02:16:54 947472 ----a-w- c:\windows\system32\msjava.dll
2008-07-30 04:10:04 73720 ----a-w- c:\windows\system32\dxva2.dll
2008-07-30 04:10:04 493048 ----a-w- c:\windows\system32\evr.dll
2008-07-30 04:10:04 26112 ----a-w- c:\windows\system32\TsWpfWrp.exe
2008-07-30 03:35:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2008-07-30 02:59:58 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2008-07-30 02:59:58 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2008-07-30 02:59:58 161296 ----a-w- c:\windows\system32\UIAutomationCore.dll
2008-07-30 02:59:58 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 02:24:50 97800 ----a-w- c:\windows\system32\infocardapi.dll
2008-07-30 02:24:50 622080 ----a-w- c:\windows\system32\icardagt.exe
2008-07-30 02:24:50 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2008-07-30 02:24:50 11264 ----a-w- c:\windows\system32\icardres.dll
2008-07-29 12:49:58 586240 ----a-w- c:\windows\system32\icardres.dll.mui
2008-07-25 18:16:58 83968 ----a-w- c:\windows\system32\mscories.dll
2008-07-25 18:16:58 282112 ----a-w- c:\windows\system32\mscoree.dll
2008-07-25 18:16:58 158720 ----a-w- c:\windows\system32\mscorier.dll
2008-07-25 18:16:46 96760 ----a-w- c:\windows\system32\dfshim.dll
2008-07-10 09:49:38 215576 ----a-w- c:\windows\system32\SqlServerSpatial.dll
2008-07-10 03:01:00 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2008-07-10 03:00:58 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2008-07-10 03:00:58 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2008-07-09 09:05:50 421888 ----a-w- c:\windows\system32\ac3filter.acm
2008-05-30 06:19:18 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 06:18:52 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 06:17:30 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 06:17:00 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 06:11:46 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 06:11:46 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-05-30 06:11:46 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-04-17 05:12:54 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-03-05 08:03:54 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2008-03-05 08:03:20 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2008-03-05 08:00:06 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2008-03-05 07:56:58 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2008-03-05 07:56:58 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2008-02-05 15:07:36 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2007-11-08 00:19:22 847112 ----a-w- c:\windows\system32\hha.dll
2007-11-08 00:19:22 129024 ----a-w- c:\windows\system32\msstdfmt.dll
2007-11-07 17:26:42 228872 ----a-w- c:\windows\system32\vsjitdebugger.exe
2007-10-21 19:39:54 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2007-10-21 19:37:16 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2007-10-12 07:14:00 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2007-10-12 07:14:00 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2007-10-07 22:15:42 380928 ----a-w- c:\windows\system32\AviSplitter.ax
2007-10-07 21:38:36 1195888 ----a-w- c:\windows\system32\FM20.DLL
2007-10-02 01:56:34 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2007-09-18 14:29:08 446464 ----a-w- c:\windows\system32\MatroskaSplitter.ax
2007-09-18 14:27:38 434176 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2007-07-19 16:57:12 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2007-07-19 10:14:42 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2007-07-19 10:14:42 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2007-07-19 10:14:42 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2007-06-20 12:46:04 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2007-05-16 08:45:16 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2007-05-16 08:45:16 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2007-05-16 08:45:16 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2007-04-04 10:55:00 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2007-03-15 08:57:58 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2007-03-12 08:42:30 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2006-11-02 16:10:16 80912 ----a-w- c:\windows\system32\sherlock2.exe
2006-10-26 21:10:06 33088 ----a-w- c:\windows\system32\FM20ENU.DLL

============= FINISH: 2:21:54.76 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 07 February 2011 - 03:51 PM

Hi,

Please do the following:


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 08 February 2011 - 06:22 AM

Hi! Thanks for your reply.
Sorry, but I cannot complete the GMER scan because it stops halfway through the scan,
and I need to reboot the computer to try again. It stops while scanning Alwil/Avast.
I tried to turn it off, but it still stops. Thanks again.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 08 February 2011 - 12:29 PM

Hi,

Try this scanner instead:

Please download Rootkit Unhooker and save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished, then click File > Save Report
  • Save the report to your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning; it is OK, just ignore it:
  • "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"



#5 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 08 February 2011 - 07:16 PM

The link you gave me did not work, so I downloaded it from a different site: http://www.antirootkit.com/software/RootKit-Unhooker.htm

Here's the report you requested. Thanks!

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.509
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\System32\vtdisp.dll
Address: 0xBF012000
Size: 3489792 bytes

Driver: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF0353000
Size: 2285568 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2057344 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2057344 bytes

Driver: RAW
Address: 0x804D7000
Size: 2057344 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2057344 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1843200 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1843200 bytes

Driver: PCI_PNP6548
Address: 0xF741A000
Size: 1052672 bytes

Driver: spcy.sys
Address: 0xF741A000
Size: 1052672 bytes

Driver: sptd
Address: 0xF741A000
Size: 1052672 bytes

Driver: Ntfs.sys
Address: 0xF7291000
Size: 577536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEF0BF000
Size: 454656 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEF214000
Size: 360448 bytes

Driver: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEE7D9000
Size: 335872 bytes

Driver: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xEF078000
Size: 290816 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000
Size: 286720 bytes

Driver: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEE196000
Size: 266240 bytes

Driver: C:\WINDOWS\system32\DRIVERS\vtmini.sys
Address: 0xF21AD000
Size: 229376 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF029F000
Size: 212992 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF02D3000
Size: 200704 bytes

Driver: ACPI.sys
Address: 0xF73D4000
Size: 188416 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEE954000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF7264000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEF12E000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEF1EC000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xEE6C1000
Size: 163840 bytes

Driver: dmio.sys
Address: 0xF737E000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF032F000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF05A4000
Size: 143360 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF0581000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEF1A9000
Size: 139264 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEF1CB000
Size: 135168 bytes

Driver: ACPI_HAL
Address: 0x806CE000
Size: 131712 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806CE000
Size: 131712 bytes

Driver: fltMgr.sys
Address: 0xF7347000
Size: 126976 bytes

Driver: ftdisk.sys
Address: 0xF73A4000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xF724A000
Size: 106496 bytes

Driver: atapi.sys
Address: 0xF7366000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF038000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF7402000
Size: 98304 bytes

Driver: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xEEAC1000
Size: 94208 bytes

Driver: KSecDD.sys
Address: 0xF731E000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF0304000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEE38C000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF031B000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF2199000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEF26C000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF7335000
Size: 73728 bytes

Driver: C:\WINDOWS\System32\Drivers\adfs.SYS
Address: 0xEE943000
Size: 69632 bytes

Driver: pci.sys
Address: 0xF73C3000
Size: 69632 bytes

Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF28B6000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF6D14000
Size: 65536 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF6D44000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF77DC000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF0E8A000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF76CC000
Size: 61440 bytes

Driver: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xF1F2C000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF787C000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF765C000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF785C000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF788C000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF763C000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF779C000
Size: 49152 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
Address: 0xF6D34000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF784C000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF762C000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF769C000
Size: 45056 bytes

Driver: uagp35.sys
Address: 0xF766C000
Size: 45056 bytes

Driver: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF139D000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF76AC000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF76BC000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF764C000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF1F9C000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF786C000
Size: 36864 bytes

Driver: isapnp.sys
Address: 0xF761C000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF1FAC000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF1F8C000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF1F6C000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF0639000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF79BC000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF789C000
Size: 28672 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF79CC000
Size: 28672 bytes

Driver: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF0B45000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF7A0C000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF124B000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF1293000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS
Address: 0xF78E4000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7964000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xF799C000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF0609000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xF1263000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7924000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF78A4000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF0B2D000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF0B15000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF0DBD000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF79EC000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF125B000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\drivers\BIOS.sys
Address: 0xF720A000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\drivers\cpuz132_x32.sys
Address: 0xEE9B9000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF721A000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEEBD4000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF720E000
Size: 16384 bytes

Driver: C:\WINDOWS\System32\Drivers\aswFsBlk.SYS
Address: 0xEF020000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A2C000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7ABC000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7AFC000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF1155000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF0B92000
Size: 8192 bytes

Driver: dmload.sys
Address: 0xF7B22000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B3A000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF0B94000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7B1C000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7B4C000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF0B8E000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7BBC000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7BC2000
Size: 8192 bytes

Driver: viaide.sys
Address: 0xF7B20000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7B1E000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7C78000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF1010000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CBC000
Size: 4096 bytes

Driver: pciide.sys
Address: 0xF7BE4000
Size: 4096 bytes

Driver: unknown_irp_handler
Address: 0x84D891F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84D8B1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84D8C1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84D8D1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84C211F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84A7B1F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84B711F8
Size: 3592 bytes

Driver: unknown_irp_handler
Address: 0x84A942E8
Size: 3352 bytes

Driver: unknown_irp_handler
Address: 0x84A07500
Size: 2816 bytes

Driver: unknown_irp_handler
Address: 0x849DA500
Size: 2816 bytes

==============================================
>Stealth
==============================================
>Hooks

ntkrnlpa.exe+0x0002A1C0, Type: Inline - RelativeJump at address 0x805011C0 hook handler located in [unknown_code_page]
ntkrnlpa.exe+0x0002A26C, Type: Inline - RelativeJump at address 0x8050126C hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002A338, Type: Inline - RelativeJump at address 0x80501338 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002A380, Type: Inline - RelativeJump at address 0x80501380 hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002A420, Type: Inline - PushRet at address 0x80501420 hook handler located in [unknown_code_page]
ntkrnlpa.exe+0x0002A45C, Type: Inline - RelativeJump at address 0x8050145C hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe+0x00069D7A, Type: Inline - RelativeJump at address 0x80540D7A hook handler located in [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump at address 0x805C5DCA hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Inline - RelativeJump at address 0x8059F3AE hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump at address 0x805784C2 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump at address 0x805B7598 hook handler located in [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump at address 0x805B08AA hook handler located in [aswSP.SYS]
[1020]inetinfo.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1020]inetinfo.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1052]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1052]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1052]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1052]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1052]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1052]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1052]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1052]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1116]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1116]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1116]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1116]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1116]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1116]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1116]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1116]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1164]jqs.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1164]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1164]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1164]jqs.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1164]jqs.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1164]jqs.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1164]jqs.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1164]jqs.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1288]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1288]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1288]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1288]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1288]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1288]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1288]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1288]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1400]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet at address 0x7C810386 hook handler located in [unknown_code_page]
[1628]sqlservr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1628]sqlservr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1900]sqlwriter.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1916]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1916]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1916]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1916]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1916]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1916]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1916]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1916]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[1960]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[1960]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[1960]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[1960]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[1960]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[2016]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[2368]alg.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[2368]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[2368]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[2368]alg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[2368]alg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[2368]alg.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[2368]alg.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[2368]alg.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[2904]wbload.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[2904]wbload.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[2904]wbload.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[2904]wbload.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[2904]wbload.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[2904]wbload.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[2904]wbload.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[2904]wbload.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[3108]explorer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[3108]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[3108]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification at address 0x010011D4 hook handler located in [wblind.dll]
[3108]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: IAT modification at address 0x0100112C hook handler located in [wblind.dll]
[3108]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification at address 0x01001254 hook handler located in [wblind.dll]
[3108]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[3108]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[3108]explorer.exe-->user32.dll-->CallWindowProcW, Type: IAT modification at address 0x0100171C hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->DeferWindowPos, Type: IAT modification at address 0x0100184C hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->GetWindowPlacement, Type: IAT modification at address 0x010016F0 hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->GetWindowRect, Type: IAT modification at address 0x01001920 hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->LoadImageW, Type: IAT modification at address 0x010016F4 hook handler located in [wblind.dll]
[3108]explorer.exe-->user32.dll-->MoveWindow, Type: IAT modification at address 0x010016C0 hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->SendMessageW, Type: IAT modification at address 0x0100174C hook handler located in [wblind.dll]
[3108]explorer.exe-->user32.dll-->SetWindowPlacement, Type: IAT modification at address 0x010016A4 hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->SetWindowPos, Type: IAT modification at address 0x01001924 hook handler located in [wbhelp.dll]
[3108]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[3108]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[3108]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[3108]explorer.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification at address 0x010017F0 hook handler located in [wblind.dll]
[3108]explorer.exe-->user32.dll-->TrackPopupMenuEx, Type: IAT modification at address 0x010017C8 hook handler located in [wblind.dll]
[3108]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[3108]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->kernel32.dll-->LoadLibraryA, Type: IAT modification at address 0x00409160 hook handler located in [wblind.dll]
[3200]SOUNDMAN.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->TrackPopupMenu, Type: IAT modification at address 0x004091EC hook handler located in [wblind.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[3200]SOUNDMAN.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification at address 0x004090B8 hook handler located in [wblind.dll]
[3296]VTTimer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->user32.dll-->SetWindowLongA, Type: IAT modification at address 0x00409190 hook handler located in [wbhelp.dll]
[3296]VTTimer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[3296]VTTimer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification at address 0x004161D0 hook handler located in [wblind.dll]
[3304]VTTrayp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->user32.dll-->DeferWindowPos, Type: IAT modification at address 0x00416308 hook handler located in [wbhelp.dll]
[3304]VTTrayp.exe-->user32.dll-->GetWindowRect, Type: IAT modification at address 0x00416304 hook handler located in [wbhelp.dll]
[3304]VTTrayp.exe-->user32.dll-->MoveWindow, Type: IAT modification at address 0x004162B8 hook handler located in [wbhelp.dll]
[3304]VTTrayp.exe-->user32.dll-->SetWindowLongA, Type: IAT modification at address 0x0041630C hook handler located in [wbhelp.dll]
[3304]VTTrayp.exe-->user32.dll-->SetWindowPos, Type: IAT modification at address 0x004162EC hook handler located in [wbhelp.dll]
[3304]VTTrayp.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[3304]VTTrayp.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[892]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[892]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[892]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump at address 0x77E36F61 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump at address 0x77E36FE9 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump at address 0x77E36CC9 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump at address 0x77E36E61 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump at address 0x77E37071 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump at address 0x77E37311 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump at address 0x77E36BE1 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump at address 0x7C91718B hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump at address 0x77D53DEA hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump at address 0x77D617D0 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump at address 0x77D4F22E hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump at address 0x77D61885 hook handler located in [snxhk.dll]

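Every hook entry in the log above points at the same handler module, which is the detail a responder checks first. As an added example (not part of the thread, and not GMER's or any helper's code), this Python script parses lines in that layout, counts hooks per process and handler module, and flags handlers not on an allowlist; treating snxhk.dll as belonging to the Avast install shown in the DDS log is an assumption, and the fourth sample line is constructed.

```python
import re
from collections import Counter, defaultdict

# One GMER-style inline-hook entry, in the layout the posted log uses:
# [PID]process-->module-->Function, Type: <type> at address 0x... hook handler located in [handler]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<process>.+?)-->(?P<module>.+?)-->(?P<function>\w+),\s*"
    r"Type:\s*(?P<type>.+?)\s+at address\s+(?P<addr>0x[0-9A-Fa-f]+)\s+"
    r"hook handler located in \[(?P<handler>[^\]]+)\]\s*$"
)

# Handler modules expected on this machine. The DDS log shows Avast5 installed;
# treating snxhk.dll as Avast's hook module is an assumption made for this example.
KNOWN_HANDLERS = {"snxhk.dll": "Avast (assumed from the Avast5 install)"}

def parse_hooks(text):
    """Return one dict per line in the hook layout; lines that do not match are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["pid"] = int(entry["pid"])
            entry["handler"] = entry["handler"].lower()
            hooks.append(entry)
    return hooks

def summarize(hooks):
    """Count hooks per (pid, process) and per handler module: who is hooking what."""
    summary = defaultdict(Counter)
    for h in hooks:
        summary[(h["pid"], h["process"])][h["handler"]] += 1
    return summary

def unexpected_handlers(hooks, known=KNOWN_HANDLERS):
    """Hooks whose handler module is not on the allowlist; these are the ones to look at."""
    return [h for h in hooks if h["handler"] not in known]

# Constructed sample: lines 1-3 are copied from the posted log; line 4 is invented
# (PID, process, address and handler module are placeholders); line 5 is noise.
SAMPLE_LOG = """\
[844]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump at address 0x77E37209 hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C9161CA hook handler located in [snxhk.dll]
[976]hamachi-2.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump at address 0x77D611F1 hook handler located in [snxhk.dll]
[1234]example.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump at address 0x7C900000 hook handler located in [constructed_unknown.dll]
(end of constructed sample)
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for (pid, proc), counts in sorted(summarize(hooks).items()):
        print(f"[{pid}] {proc}: {dict(counts)}")
    for h in unexpected_handlers(hooks):
        print(f"INVESTIGATE: {h['process']} {h['module']}!{h['function']} -> {h['handler']}")
```

Run against a full saved log, every hook handled by a module you cannot account for is what to ask the helper about; hooks from an installed security product are expected.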
#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 08 February 2011 - 07:20 PM

Hi

Sorry about that, glad you were able to find the program. I've updated my link :)

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 09 February 2011 - 09:27 AM

Here's the log you requested... Attached File: ComboFix.txt (106.04KB, 2 downloads)
Thanks!

Edited by van1313van, 09 February 2011 - 09:28 AM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 09 February 2011 - 06:48 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2938:TCP"=-


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 10 February 2011 - 09:22 AM

Hey, I'm really sorry but I can't complete the ESET scan because it gets stuck at 12%.
I'll just give the ComboFix log: Attached File: ComboFix.txt (20.3KB, 1 downloads)
and the MBAM log: Attached File: mbam-log-2005-01-01 (00-38-58).txt (1.56KB, 2 downloads)
Thanks!

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 10 February 2011 - 03:16 PM

Please download and install Service Pack 3 from the following Microsoft site

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

It's described as the Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers but it's fine for you to download and install.

Once that has been completed, please re-run ComboFix and post the log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 12 February 2011 - 09:02 AM

Sorry it took me so long. Here's the log you requested: Attached File: ComboFix.txt (20.24KB, 2 downloads)

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 12 February 2011 - 01:43 PM

Hi,

That looks good now,

Please rerun MBAM, make sure it comes up clean this time, and give ESET another try; make sure all other programs are closed and your security programs are disabled while you are running it. If ESET still won't run, then give PANDA a try:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report


Please advise how your computer is running as well, and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 13 February 2011 - 05:27 AM

Hahaha, sorry it took so long, the ESET scan took forever.. Here are the logs: Attached File: ESETLOG.txt (1.86KB, 1 downloads); Attached File: mbam-log-2005-01-01 (00-41-36).txt (901bytes, 1 downloads)

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:04:04 PM

Posted 13 February 2011 - 08:33 AM

Hi

Please do the following:

  • Go to Start->Run and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

    @echo off 
    if exist "%temp%\log.txt" del "%temp%\log.txt"
    
    for %%g in ( 
    "C:\Documents and Settings\HanaAylani\My Documents\LimeWire\Saved\andyan na siya - best track ever.mp3"
    "C:\Documents and Settings\HanaAylani\My Documents\LimeWire\Saved\pag andyan na siya yvan.mp3"
    ) do (
    del /a/f/q %%g >nul 2>&1
    if exist %%g echo.%%g>>"%temp%\log.txt"
    )
    if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
    ) else echo.Deleted Successfully !!
    pause
    del %0
  • Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    Posted Image
  • Double click find.bat to run it. A small black box should open and close - this is normal.
  • Let me know if it deletes successfully.


NEXT

Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 van1313van

van1313van
  • Topic Starter

  • Members
  • 21 posts
  • Local time:03:04 PM

Posted 13 February 2011 - 09:01 AM

Here's the DDS log: Attached File: DDS.txt (39.7KB, 1 downloads)

The computer seems OK now. I don't experience sudden CPU spikes. Thanks to you! haha



