Win32.ZBot infection



Husky_
2010-05-05, 19:28
Dear all,

When I last scanned with Spybot, it found a Win32.ZBot infection. More specifically, it found the following entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINDOWS\system32\sdra64.exe...
- C:\WINDOWS\system32\sdra64.exe
- C:\WINDOWS\system32\lowsec\local.ds
- C:\WINDOWS\system32\lowsec\user.ds
- C:\WINDOWS\system32\lowsec

I read in some posts on this forum that the best way to get rid of this infection is by formatting and reinstalling the OS. However, I do not have time to do this at the moment, so any advice for removing this infection would be greatly appreciated.

Many thanks in advance.

Husky_

--------------------------------------------------------------------------
DDS-log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dieter at 18:19:34,85 on wo 05/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.334 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Dieter\Bureaublad\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dieter\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260633159265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258899714453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dieter\applic~1\mozilla\firefox\profiles\0mc4fh6m.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\documents and settings\dieter\application data\mozilla\firefox\profiles\0mc4fh6m.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\dieter\application data\mozilla\firefox\profiles\0mc4fh6m.default\extensions\mintrayr@tn123.ath.cx\components\trayToolkit.dll
FF - plugin: c:\documents and settings\dieter\application data\mozilla\firefox\profiles\0mc4fh6m.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-16 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-22 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-22 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-22 40384]
S2 Asusgio;Asusgio;\??\c:\program files\asus\cool & quiet\asusgio.sys --> c:\program files\asus\cool & quiet\Asusgio.sys [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-22 40384]
S3 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2010-4-12 1391136]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1181328]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2009-5-24 91841]
S4 gupdate1c9da137525aa2a;Google Update Service (gupdate1c9da137525aa2a);c:\program files\google\update\GoogleUpdate.exe [2009-5-21 133104]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-05-05 14:33:08 0 d--h--r- c:\documents and settings\dieter\Onlangs geopend
2010-05-04 08:11:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-04 08:11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-26 07:20:14 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-22 11:50:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-12 10:13:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2010-04-12 10:13:37 0 d-----w- c:\program files\DU Meter

==================== Find3M ====================

2010-03-28 09:27:30 533928 ----a-w- c:\windows\system32\perfh013.dat
2010-03-28 09:27:30 100060 ----a-w- c:\windows\system32\perfc013.dat
2010-03-10 06:17:43 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:20:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 13:09:58 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09:57 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35:06 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-07-10 12:39:00 350720 -c--a-w- c:\program files\hjsplit.exe

============= FINISH: 18:20:36,01 ===============

shelf life
2010-05-08, 22:35
hi,

sdra64.exe is a backdoor trojan. I would not use the computer until it's clean. Power it off or pull the ethernet cable so there is no connectivity.
If you still need help reply to my post from another computer if possible.

Husky_
2010-05-08, 22:49
Hi shelf life,

Many thanks for your reply.

Yes, I still need help. Could you tell me what the risks are of keeping my computer connected with this type of infection?

Husky

shelf life
2010-05-09, 01:38
Hi,

The risk is someone could be all over your machine, remotely that is. We can get a better look with Malwarebytes:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Husky_
2010-05-09, 10:58
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4080

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/05/2010 9:53:28
mbam-log-2010-05-09 (09-53-28).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 192798
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
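
An added example, not part of the original thread or of any tool mentioned in it: a small Python check that pulls the Winlogon `Userinit` value out of DDS and Malwarebytes log lines and flags every entry other than the legitimate `userinit.exe`, which is how `sdra64.exe` shows up in the logs above. The function names are hypothetical, the default `c:\windows\system32` location is an assumption taken from the paths in the logs, and the last two sample lines are constructed.

```python
import ntpath
import re

# The Malwarebytes log above gives "Userinit.exe" as the good value.
EXPECTED_NAME = "userinit.exe"
# Assumption: default Windows XP system directory, as seen in the thread's logs.
EXPECTED_DIR = r"c:\windows\system32"

# DDS "Pseudo HJT Report" line: mWinlogon: Userinit=<value>
DDS_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)
# Malwarebytes data-item line: ...Winlogon\Userinit (<name>) -> Bad: (<value>) Good: ...
MBAM_RE = re.compile(
    r"Winlogon\\Userinit \(.*?\) -> Bad: \((.*?)\) Good:", re.IGNORECASE
)


def split_userinit(value):
    """Split a Userinit value into its comma-separated program entries."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def unexpected_entries(value):
    """Return the entries of a Userinit value that are not the real userinit.exe."""
    flagged = []
    for entry in split_userinit(value):
        lowered = entry.lower()
        name = ntpath.basename(lowered)
        folder = ntpath.dirname(lowered)
        # A bare "userinit.exe" or one under the system directory is expected;
        # any other program, or userinit.exe from another folder, is flagged.
        if name != EXPECTED_NAME or folder not in ("", EXPECTED_DIR):
            flagged.append(entry)
    return flagged


def extract_userinit(line):
    """Return the Userinit value found in a DDS or Malwarebytes log line, or None."""
    line = line.strip()
    match = DDS_RE.match(line) or MBAM_RE.search(line)
    return match.group(1) if match else None


def scan_log(text):
    """Return (line_number, flagged_entries) for each line with a suspicious Userinit."""
    findings = []
    for number, line in enumerate(text.strip().splitlines(), start=1):
        value = extract_userinit(line)
        if value is None:
            continue
        flagged = unexpected_entries(value)
        if flagged:
            findings.append((number, flagged))
    return findings


# Lines 1-2 are copied from the logs in this thread; lines 3-4 are constructed
# (a clean value, and a userinit.exe that lives outside the system directory).
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
mWinlogon: Userinit=c:\windows\system32\userinit.exe,
mWinlogon: Userinit=c:\temp\userinit.exe,
"""

if __name__ == "__main__":
    for number, flagged in scan_log(SAMPLE_LOG):
        print(f"line {number}: unexpected Userinit entries: {flagged}")
```
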

shelf life
2010-05-09, 14:22
OK, good. After the scan was finished, you rebooted your machine?
Run Malwarebytes once more and post the log.

Husky_
2010-05-09, 14:51
Yes, I rebooted after the scan finished.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4080

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/05/2010 13:40:35
mbam-log-2010-05-09 (13-40-35).txt

Scan type: Full scan (C:\|)
Objects scanned: 157235
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2010-05-09, 15:55
OK, looks good. May as well run this tool also:

Please download zbotkiller (http://support.kaspersky.com/downloads/utils/zbotkiller.zip) and save it to your desktop.
Extract the ZBotkiller.exe file to your desktop.
Go to Start > Run and copy/paste into the Run box what's below:

"%userprofile%\desktop\zbotkiller.exe" -y -l report.txt -v

Click OK or Enter.

It should produce a report.txt on your desktop; post the log.

Husky_
2010-05-09, 21:09
20:3:51:312 2880 ScanThread: Thread 1924 base addr: 4052B2
20:3:51:328 2880 ScanThread: Thread 1984 base addr: 77F63539
20:3:51:343 2880 ScanThread: Thread 172 base addr: 7854345E
20:3:51:390 2880 ScanThread: Thread 176 base addr: 6500EB30
20:3:51:390 2880 ScanThread: Thread 228 base addr: 65006E70
20:3:51:406 2880 ScanThread: Thread 232 base addr: 65006E70
20:3:51:406 2880 ScanThread: Thread 236 base addr: 65007AD0
20:3:51:406 2880 ScanThread: Thread 240 base addr: 650076D0
20:3:51:406 2880 ScanThread: Thread 256 base addr: 650184E0
20:3:51:406 2880 ScanThread: Thread 264 base addr: 65017350
20:3:51:406 2880 ScanThread: Thread 268 base addr: 65017720
20:3:51:406 2880 ScanThread: Thread 272 base addr: 650082C0
20:3:51:406 2880 ScanThread: Thread 276 base addr: 650082C0
20:3:51:421 2880 ScanThread: Thread 284 base addr: 65921190
20:3:51:437 2880 ScanThread: Thread 288 base addr: 65841060
20:3:51:453 2880 ScanThread: Thread 304 base addr: 7854345E
20:3:51:453 2880 ScanThread: Thread 372 base addr: 7854345E
20:3:51:453 2880 ScanThread: Thread 384 base addr: 658012F0
20:3:51:468 2880 ScanThread: Thread 388 base addr: 658E1020
20:3:51:484 2880 ScanThread: Thread 396 base addr: 6500F530
20:3:51:484 2880 ScanThread: Thread 492 base addr: 65008090
20:3:51:484 2880 ScanThread: Thread 508 base addr: 7854345E
20:3:51:500 2880 ScanThread: Thread 556 base addr: 64704B70
20:3:51:500 2880 ScanThread: Thread 564 base addr: 650822F0
20:3:51:515 2880 ScanThread: Thread 560 base addr: 7854345E
20:3:51:515 2880 ScanThread: Thread 260 base addr: 65086730
20:3:51:515 2880 ScanThread: Thread 580 base addr: 650895D0
20:3:51:515 2880 ScanThread: Thread 576 base addr: 6508A940
20:3:51:515 2880 ScanThread: Thread 828 base addr: 7C7E06F9
20:3:51:531 2880 ScanThread: Thread 2224 base addr: 77F63539
20:3:51:546 2880 ScanThread: Thread 2456 base addr: 68301660
20:3:51:562 2880 ScanThread: Thread 2460 base addr: 68301820
20:3:51:562 2880 ScanThread: Thread 2464 base addr: 785432CE
20:3:51:562 2880 ScanThread: Thread 2472 base addr: 785432CE
20:3:51:562 2880 ScanThread: Thread 2476 base addr: 785432CE
20:3:51:578 2880 ScanThread: Thread 2480 base addr: 785432CE
20:3:51:578 2880 ScanThread: Thread 2484 base addr: 785432CE
20:3:51:578 2880 ScanThread: Thread 2488 base addr: 785432CE
20:3:51:593 2880 ScanThread: Thread 2492 base addr: 785432CE
20:3:51:593 2880 ScanThread: Thread 2496 base addr: 785432CE
20:3:51:609 2880 ScanThread: Thread 2504 base addr: 785432CE
20:3:51:609 2880 ScanThread: Thread 3592 base addr: 7C7E06F9
20:3:51:625 2880 ScanThread: Thread 2284 base addr: 63B23710
20:3:51:656 2880 ScanThread: Thread 2316 base addr: 63B23740
20:3:51:656 2880 ScanThread: Thread 2288 base addr: 63B24270
20:3:51:656 2880 ScanThread: Thread 1280 base addr: 785432CE
20:3:51:656 2880 ScanThread: Thread 1692 base addr: 785432CE
20:3:51:671 2880 ScanThread: Thread 1612 base addr: 785432CE
20:3:51:671 2880 ScanThread: Thread 3640 base addr: 785432CE
20:3:51:671 2880 ScanThread: Thread 1948 base addr: 785432CE
20:3:51:687 2880 KillThreads: Scan process PID: 200 Name "iTouch.exe" ThreadCount 4
20:3:51:687 2880 ScanThread: Thread 204 base addr: 47C58A
20:3:51:734 2880 ScanThread: Thread 468 base addr: 40A0B5
20:3:51:750 2880 ScanThread: Thread 476 base addr: 474BEF
20:3:51:750 2880 ScanThread: Thread 1328 base addr: 72C930E8
20:3:51:765 2880 KillThreads: Scan process PID: 248 Name "rundll32.exe" ThreadCount 1
20:3:51:765 2880 ScanThread: Thread 252 base addr: 1001BDC
20:3:51:765 2880 KillThreads: Scan process PID: 280 Name "AvastUI.exe" ThreadCount 7
20:3:51:765 2880 ScanThread: Thread 292 base addr: 5C7C4A
20:3:51:859 2880 ScanThread: Thread 536 base addr: 7854345E
20:3:51:875 2880 ScanThread: Thread 768 base addr: 64681360
20:3:51:890 2880 ScanThread: Thread 884 base addr: 65013EB0
20:3:51:890 2880 ScanThread: Thread 880 base addr: 7854345E
20:3:51:890 2880 ScanThread: Thread 952 base addr: 5C35D0
20:3:51:921 2880 ScanThread: Thread 3308 base addr: 9619
20:3:51:921 2880 KillThreads: Scan process PID: 300 Name "RocketDock.exe" ThreadCount 4
20:3:51:921 2880 ScanThread: Thread 308 base addr: 434081
20:3:51:953 2880 ScanThread: Thread 444 base addr: 4EB98361
20:3:51:968 2880 ScanThread: Thread 532 base addr: 4269D0
20:3:51:968 2880 ScanThread: Thread 1980 base addr: 7C7E06F9
20:3:51:984 2880 KillThreads: Scan process PID: 376 Name "ctfmon.exe" ThreadCount 1
20:3:51:984 2880 ScanThread: Thread 380 base addr: 402E35
20:3:51:984 2880 KillThreads: Scan process PID: 424 Name "WindowsSearch.exe" ThreadCount 9
20:3:51:984 2880 ScanThread: Thread 428 base addr: 1012F91
20:3:52:15 2880 ScanThread: Thread 484 base addr: 163AE7
20:3:52:156 2880 ScanThread: Thread 2252 base addr: 163B03
20:3:52:171 2880 ScanThread: Thread 2276 base addr: 163B05
20:3:52:171 2880 ScanThread: Thread 2536 base addr: 100CBA6
20:3:52:171 2880 ScanThread: Thread 2736 base addr: 100EBAC
20:3:52:171 2880 ScanThread: Thread 2740 base addr: 408DF1
20:3:52:187 2880 ScanThread: Thread 2744 base addr: 408CFF
20:3:52:187 2880 ScanThread: Thread 2748 base addr: 412F88
20:3:52:187 2880 KillThreads: Scan process PID: 496 Name "EM_EXEC.EXE" ThreadCount 2
20:3:52:187 2880 ScanThread: Thread 500 base addr: 406522
20:3:52:203 2880 ScanThread: Thread 600 base addr: 33CD22
20:3:52:218 2880 KillThreads: Scan process PID: 616 Name "spoolsv.exe" ThreadCount 12
20:3:52:218 2880 ScanThread: Thread 620 base addr: 100461B
20:3:52:234 2880 ScanThread: Thread 652 base addr: 77F63539
20:3:52:250 2880 ScanThread: Thread 116 base addr: 1003DAA
20:3:52:250 2880 ScanThread: Thread 3228 base addr: 100429C
20:3:52:250 2880 ScanThread: Thread 3240 base addr: 7238172D
20:3:52:281 2880 ScanThread: Thread 3244 base addr: 761D29DB
20:3:52:296 2880 ScanThread: Thread 3248 base addr: 761D5C3A
20:3:52:312 2880 ScanThread: Thread 3268 base addr: 77DA6C7D
20:3:52:312 2880 ScanThread: Thread 3404 base addr: 1492FD
20:3:52:343 2880 ScanThread: Thread 408 base addr: 1003DAA
20:3:52:343 2880 ScanThread: Thread 2564 base addr: 77DA6C7D
20:3:52:343 2880 ScanThread: Thread 3036 base addr: 77DA6C7D
20:3:52:359 2880 KillThreads: Scan process PID: 400 Name "svchost.exe" ThreadCount 5
20:3:52:359 2880 ScanThread: Thread 420 base addr: 1002509
20:3:52:375 2880 ScanThread: Thread 440 base addr: 5AAF587C
20:3:52:406 2880 ScanThread: Thread 448 base addr: 5AAF587C
20:3:52:406 2880 ScanThread: Thread 2732 base addr: 77DA6C7D
20:3:52:406 2880 ScanThread: Thread 3648 base addr: 77DA6C7D
20:3:52:406 2880 KillThreads: Scan process PID: 1152 Name "svchost.exe" ThreadCount 5
20:3:52:406 2880 ScanThread: Thread 1176 base addr: 1002509
20:3:52:421 2880 ScanThread: Thread 1392 base addr: 77F63539
20:3:52:437 2880 ScanThread: Thread 1544 base addr: 7C7E06F9
20:3:52:468 2880 ScanThread: Thread 1564 base addr: 75BAC5E7
20:3:52:500 2880 ScanThread: Thread 3948 base addr: 77DA6C7D
20:3:52:500 2880 KillThreads: Scan process PID: 1496 Name "searchindexer.exe" ThreadCount 22
20:3:52:500 2880 ScanThread: Thread 1520 base addr: 100E504
20:3:52:531 2880 ScanThread: Thread 1644 base addr: 77F63539
20:3:52:531 2880 ScanThread: Thread 1680 base addr: 101D79A
20:3:52:531 2880 ScanThread: Thread 1804 base addr: 5E297356
20:3:52:593 2880 ScanThread: Thread 1512 base addr: 5E297356
20:3:52:593 2880 ScanThread: Thread 1884 base addr: 5E297356
20:3:52:609 2880 ScanThread: Thread 1888 base addr: 5E297356
20:3:52:625 2880 ScanThread: Thread 2092 base addr: 7C927EDB
20:3:52:640 2880 ScanThread: Thread 2104 base addr: 60030590
20:3:52:671 2880 ScanThread: Thread 2112 base addr: 4FFC3C
20:3:52:921 2880 ScanThread: Thread 2116 base addr: 500DEC
20:3:52:937 2880 ScanThread: Thread 2120 base addr: 4FFCB8
20:3:52:937 2880 ScanThread: Thread 2128 base addr: 500294
20:3:52:953 2880 ScanThread: Thread 2132 base addr: 77FAE9AD
20:3:52:953 2880 ScanThread: Thread 2576 base addr: 7C929B8F
20:3:52:968 2880 ScanThread: Thread 1832 base addr: 60030590
20:3:52:984 2880 ScanThread: Thread 2584 base addr: 60030590
20:3:53:0 2880 ScanThread: Thread 1640 base addr: 163B17
20:3:53:15 2880 ScanThread: Thread 2696 base addr: 163B13
20:3:53:15 2880 ScanThread: Thread 3580 base addr: 163B15
20:3:53:31 2880 ScanThread: Thread 1688 base addr: 7C910250
20:3:53:31 2880 ScanThread: Thread 1860 base addr: 7C910250
20:3:53:31 2880 KillThreads: Scan process PID: 2100 Name "WINWORD.EXE" ThreadCount 5
20:3:53:31 2880 ScanThread: Thread 2664 base addr: 300018FC
20:3:54:78 2880 ScanThread: Thread 3496 base addr: 30B7194C
20:3:54:343 2880 ScanThread: Thread 2884 base addr: 7C927EDB
20:3:54:343 2880 ScanThread: Thread 3112 base addr: 40CCDE9E
20:3:54:359 2880 ScanThread: Thread 3432 base addr: 1492FA
20:3:54:359 2880 KillThreads: Scan process PID: 2964 Name "realsched.exe" ThreadCount 5
20:3:54:359 2880 ScanThread: Thread 4032 base addr: 418F7E
20:3:54:375 2880 ScanThread: Thread 1940 base addr: 402FCB
20:3:54:375 2880 ScanThread: Thread 1072 base addr: 7C7E06F9
20:3:54:390 2880 ScanThread: Thread 3380 base addr: 415160
20:3:54:390 2880 KillThreads: OpenThread 1540 in process 2964 error 87
20:3:54:390 2880 KillThreads: Scan process PID: 2168 Name "thunderbird.exe" ThreadCount 23
20:3:54:390 2880 ScanThread: Thread 3372 base addr: BA4A50
20:3:54:703 2880 ScanThread: Thread 3120 base addr: 40DA1F
20:3:54:796 2880 ScanThread: Thread 3920 base addr: 78132C50
20:3:54:828 2880 ScanThread: Thread 2232 base addr: 719DD2C6
20:3:54:843 2880 ScanThread: Thread 296 base addr: 78132C50
20:3:54:843 2880 ScanThread: Thread 3212 base addr: 78132C50
20:3:54:843 2880 ScanThread: Thread 3216 base addr: 78132C50
20:3:54:859 2880 ScanThread: Thread 2704 base addr: 78132C50
20:3:54:859 2880 ScanThread: Thread 3412 base addr: 78132C50
20:3:54:859 2880 ScanThread: Thread 4008 base addr: 78132C50
20:3:54:875 2880 ScanThread: Thread 3488 base addr: 78132C50
20:3:54:875 2880 ScanThread: Thread 3084 base addr: 78132C50
20:3:54:875 2880 ScanThread: Thread 3080 base addr: 78132C50
20:3:54:890 2880 ScanThread: Thread 816 base addr: 78132C50
20:3:54:890 2880 ScanThread: Thread 3252 base addr: 72C930E8
20:3:54:890 2880 ScanThread: Thread 3912 base addr: 76AF4DCA
20:3:54:890 2880 ScanThread: Thread 3004 base addr: 78132C50
20:3:54:890 2880 ScanThread: Thread 1616 base addr: 78132C50
20:3:54:906 2880 ScanThread: Thread 3292 base addr: 78132C50
20:3:54:906 2880 ScanThread: Thread 3832 base addr: 160F64
20:3:54:953 2880 ScanThread: Thread 1224 base addr: 161B22
20:3:54:953 2880 ScanThread: Thread 2020 base addr: 78132C50
20:3:54:953 2880 ScanThread: Thread 3712 base addr: 78132C50
20:3:54:953 2880 KillThreads: Scan process PID: 3064 Name "firefox.exe" ThreadCount 18
20:3:54:953 2880 ScanThread: Thread 2600 base addr: 401840
20:3:55:0 2880 ScanThread: Thread 3272 base addr: 1025D7E7
20:3:55:296 2880 ScanThread: Thread 660 base addr: 78132C50
20:3:55:328 2880 ScanThread: Thread 2816 base addr: 78132C50
20:3:55:328 2880 ScanThread: Thread 728 base addr: 78132C50
20:3:55:343 2880 ScanThread: Thread 3396 base addr: 78132C50
20:3:55:343 2880 ScanThread: Thread 2380 base addr: 78132C50
20:3:55:343 2880 ScanThread: Thread 2620 base addr: 78132C50
20:3:55:359 2880 ScanThread: Thread 1168 base addr: 78132C50
20:3:55:359 2880 ScanThread: Thread 3828 base addr: 78132C50
20:3:55:359 2880 ScanThread: Thread 3608 base addr: 78132C50
20:3:55:375 2880 ScanThread: Thread 2348 base addr: 72C930E8
20:3:55:375 2880 ScanThread: Thread 336 base addr: 78132C50
20:3:55:375 2880 ScanThread: Thread 2932 base addr: 76AF4DCA
20:3:55:375 2880 ScanThread: Thread 4016 base addr: 76B0AEAF
20:3:55:375 2880 ScanThread: Thread 2800 base addr: 7C927EDB
20:3:55:390 2880 ScanThread: Thread 3428 base addr: 162E07
20:3:55:421 2880 ScanThread: Thread 2356 base addr: 162E05
20:3:55:421 2880 KillThreads: Scan process PID: 3552 Name "winamp.exe" ThreadCount 20
20:3:55:421 2880 ScanThread: Thread 3956 base addr: 488B5B
20:3:55:468 2880 ScanThread: Thread 872 base addr: 4570DA
20:3:55:484 2880 ScanThread: Thread 2916 base addr: 463E82
20:3:55:500 2880 ScanThread: Thread 2760 base addr: 463E82
20:3:55:500 2880 ScanThread: Thread 1988 base addr: 464777
20:3:55:515 2880 ScanThread: Thread 2712 base addr: 436659
20:3:55:531 2880 ScanThread: Thread 3616 base addr: 72C930E8
20:3:55:531 2880 ScanThread: Thread 2852 base addr: 463E82
20:3:55:546 2880 ScanThread: Thread 1084 base addr: 463E82
20:3:55:562 2880 ScanThread: Thread 3848 base addr: 774BE43B
20:3:55:562 2880 ScanThread: Thread 3160 base addr: E522C7F
20:3:55:578 2880 ScanThread: Thread 3124 base addr: 7C7E06F9
20:3:55:593 2880 ScanThread: Thread 3612 base addr: 7C927EDB
20:3:55:593 2880 ScanThread: Thread 1308 base addr: 40CCDE9E
20:3:55:609 2880 ScanThread: Thread 3196 base addr: 78556E5
20:3:55:625 2880 ScanThread: Thread 3736 base addr: 73E8B2A1
20:3:55:640 2880 ScanThread: Thread 1388 base addr: 73E8B2A1
20:3:55:640 2880 ScanThread: Thread 3556 base addr: 463E82
20:3:55:656 2880 ScanThread: Thread 1400 base addr: 463E82
20:3:55:671 2880 ScanThread: Thread 3676 base addr: 77548E6
20:3:55:671 2880 KillThreads: Scan process PID: 3836 Name "ZBotKiller.exe" ThreadCount 1
20:3:55:671 2880 KillThreads: Current thread, skipping...
20:3:55:671 2880
20:3:55:671 2880 Scanning Hooks ...
20:3:55:796 2880 ScanProcess: OpenProcess (PID 0) error 87
20:3:55:796 2880 ScanProcess: CreateToolhelp32Snapshot(PID: 4) error 8
20:3:59:812 2880 Process 1092: Module eappcfg.dll:
20:3:59:859 2880 Process 1092: Module eappprxy.dll:
20:3:59:890 2880 Process 1092: Module WZCSAPI.DLL:
20:3:59:921 2880 Process 1092: Module srsvc.dll:
20:3:59:937 2880 Process 1092: Module POWRPROF.dll:
20:3:59:953 2880 Process 1092: Module sens.dll:
20:3:59:968 2880 Process 1092: Module seclogon.dll:
20:3:59:968 2880 Process 1092: Module SXS.DLL:
20:3:59:984 2880 Process 1092: Module trkwks.dll:
20:3:59:984 2880 Process 1092: Module w32time.dll:
20:4:0:0 2880 Process 1092: Module wmisvc.dll:
20:4:0:15 2880 Process 1092: Module VSSAPI.DLL:
20:4:0:31 2880 Process 1092: Module wuauserv.dll:
20:4:0:93 2880 Process 1092: Module wuaueng.dll:
20:4:0:93 2880 Process 1092: Module WINSPOOL.DRV:
20:4:0:109 2880 Process 1092: Module WINHTTP.dll:
20:4:0:109 2880 Process 1092: Module Cabinet.dll:
20:4:0:140 2880 Process 1092: Module mspatcha.dll:
20:4:0:156 2880 Process 1092: Module sfc.dll:
20:4:0:156 2880 Process 1092: Module sfc_os.dll:
20:4:0:234 2880 Process 1092: Module comsvcs.dll:
20:4:0:250 2880 Process 1092: Module colbact.DLL:
20:4:0:250 2880 Process 1092: Module MTXCLU.DLL:
20:4:0:265 2880 Process 1092: Module WSOCK32.dll:
20:4:0:265 2880 Process 1092: Module CLUSAPI.DLL:
20:4:0:281 2880 Process 1092: Module RESUTILS.DLL:
20:4:0:281 2880 Process 1092: Module Apphelp.dll:
20:4:0:296 2880 Process 1092: Module ipnathlp.dll:
20:4:0:296 2880 Process 1092: Module AUTHZ.dll:
20:4:0:328 2880 Process 1092: Module wbemcore.dll:
20:4:0:343 2880 Process 1092: Module esscli.dll:
20:4:0:359 2880 Process 1092: Module wbemcomn.dll:
20:4:0:375 2880 Process 1092: Module FastProx.dll:
20:4:0:390 2880 Process 1092: Module upnp.dll:
20:4:0:390 2880 Process 1092: Module SSDPAPI.dll:
20:4:0:406 2880 Process 1092: Module wmiutils.dll:
20:4:0:421 2880 Process 1092: Module repdrvfs.dll:
20:4:0:437 2880 Process 1092: Module rasadhlp.dll:
20:4:0:453 2880 Process 1092: Module wmiprvsd.dll:
20:4:0:453 2880 Process 1092: Module NCObjAPI.DLL:
20:4:0:468 2880 Process 1092: Module wbemess.dll:
20:4:0:593 2880 Process 1092: Module netcfgx.dll:
20:4:0:625 2880 Process 1092: Module msi.dll:
20:4:0:640 2880 Process 1092: Module rasmans.dll:
20:4:0:640 2880 Process 1092: Module WINIPSEC.DLL:
20:4:0:656 2880 Process 1092: Module tapisrv.dll:
20:4:0:656 2880 Process 1092: Module rastapi.dll:
20:4:0:656 2880 Process 1092: Module unimdm.tsp:
20:4:0:656 2880 Process 1092: Module uniplat.dll:
20:4:0:656 2880 Process 1092: Module kmddsp.tsp:
20:4:0:656 2880 Process 1092: Module ndptsp.tsp:
20:4:0:671 2880 Process 1092: Module ipconf.tsp:
20:4:0:671 2880 Process 1092: Module h323.tsp:
20:4:0:671 2880 Process 1092: Module hidphone.tsp:
20:4:0:671 2880 Process 1092: Module rasppp.dll:
20:4:0:671 2880 Process 1092: Module ntlsapi.dll:
20:4:0:687 2880 Process 1092: Module kerberos.dll:
20:4:0:687 2880 Process 1092: Module RASQEC.DLL:
20:4:0:718 2880 Process 1092: Module RASDLG.dll:
20:4:0:734 2880 Process 1092: Module browser.dll:
20:4:0:734 2880 Process 1092: Module ncprov.dll:
20:4:1:515 2880 Process 1092: Module msxml3.dll:
20:4:1:531 2880 Process 1092: Module advpack.dll:
20:4:1:531 2880 Process 1092: Module dssenh.dll:
20:4:1:593 2880 Process 1092: Module catsrvut.dll:
20:4:1:625 2880 Process 1092: Module catsrv.dll:
20:4:1:640 2880 Process 1092: Module MfcSubs.dll:
20:4:1:640 2880 Process 1092: Module MPR.dll:
20:4:1:656 2880 Process 1124: Module smc.exe:
20:4:1:656 2880 Process 1124: Module ntdll.dll:
20:4:1:671 2880 Process 1124: Module kernel32.dll:
20:4:1:671 2880 Process 1124: Module Trident.dll:
20:4:1:671 2880 Process 1124: Module tfman.dll:
20:4:1:687 2880 Process 1124: Module USER32.dll:
20:4:1:687 2880 Process 1124: Module GDI32.dll:
20:4:1:687 2880 Process 1124: Module ADVAPI32.dll:
20:4:1:687 2880 Process 1124: Module RPCRT4.dll:
20:4:1:687 2880 Process 1124: Module Secur32.dll:
20:4:1:687 2880 Process 1124: Module SHLWAPI.dll:
20:4:1:703 2880 Process 1124: Module msvcrt.dll:
20:4:1:703 2880 Process 1124: Module tse.dll:
20:4:1:781 2880 Process 1124: Module DataMan.dll:
20:4:1:796 2880 Process 1124: Module ole32.dll:
20:4:1:796 2880 Process 1124: Module OLEAUT32.dll:
20:4:1:875 2880 Process 1124: Module PSSensor.dll:
20:4:1:875 2880 Process 1124: Module SSSensor.dll:
20:4:1:875 2880 Process 1124: Module SpNet.dll:
20:4:1:875 2880 Process 1124: Module WS2_32.dll:
20:4:1:906 2880 Process 1124: Module WS2HELP.dll:
20:4:1:937 2880 Process 1124: Module SHELL32.dll:
20:4:1:937 2880 Process 1124: Module comdlg32.dll:
20:4:1:937 2880 Process 1124: Module COMCTL32.dll:
20:4:1:968 2880 Process 1124: Module WINSPOOL.DRV:
20:4:1:968 2880 Process 1124: Module VERSION.dll:
20:4:1:984 2880 Process 1124: Module IdsTrafficPipe.dll:
20:4:1:984 2880 Process 1124: Module wpsman.dll:
20:4:2:0 2880 Process 1124: Module wsman.dll:
20:4:2:15 2880 Process 1124: Module snmpapi.dll:
20:4:2:15 2880 Process 1124: Module wgman.dll:
20:4:2:15 2880 Process 1124: Module SyLog.dll:
20:4:2:15 2880 Process 1124: Module Netport.dll:
20:4:2:31 2880 Process 1124: Module WSOCK32.dll:
20:4:2:203 2880 Process 1124: Module SyLink.dll:
20:4:2:203 2880 Process 1124: Module NETAPI32.dll:
20:4:2:218 2880 Process 1124: Module WININET.dll:
20:4:2:218 2880 Process 1124: Module Normaliz.dll:
20:4:2:250 2880 Process 1124: Module urlmon.dll:
20:4:2:250 2880 Process 1124: Module iertutil.dll:
20:4:2:312 2880 Process 1124: Module oledlg.dll:
20:4:2:343 2880 Process 1124: Module OLEPRO32.DLL:
20:4:2:343 2880 Process 1124: Module IMM32.DLL:
20:4:2:343 2880 Process 1124: Module LPK.DLL:
20:4:2:359 2880 Process 1124: Module USP10.dll:
20:4:2:359 2880 Process 1124: Module uxtheme.dll:
20:4:2:406 2880 Process 1124: Module CLBCATQ.DLL:
20:4:2:421 2880 Process 1124: Module COMRes.dll:
20:4:2:421 2880 Process 1124: Module NTMARTA.DLL:
20:4:2:421 2880 Process 1124: Module SAMLIB.dll:
20:4:2:468 2880 Process 1124: Module WLDAP32.dll:
20:4:2:468 2880 Process 1124: Module PsApi.dll:
20:4:2:468 2880 Process 1124: Module iphlpapi.dll:
20:4:2:468 2880 Process 1124: Module rasapi32.dll:
20:4:2:468 2880 Process 1124: Module rasman.dll:
20:4:2:468 2880 Process 1124: Module TAPI32.dll:
20:4:2:468 2880 Process 1124: Module rtutils.dll:
20:4:2:468 2880 Process 1124: Module WINMM.dll:
20:4:2:468 2880 Process 1124: Module SYNCOR11.DLL:
20:4:2:468 2880 Process 1124: Module MPRAPI.dll:
20:4:2:468 2880 Process 1124: Module ACTIVEDS.dll:
20:4:2:484 2880 Process 1124: Module adsldpc.dll:
20:4:2:484 2880 Process 1124: Module ATL.DLL:
20:4:2:484 2880 Process 1124: Module SETUPAPI.dll:
20:4:2:484 2880 Process 1124: Module mswsock.dll:
20:4:2:484 2880 Process 1124: Module hnetcfg.dll:
20:4:2:484 2880 Process 1124: Module wshtcpip.dll:
20:4:2:531 2880 Process 1124: Module CRYPT32.dll:
20:4:2:531 2880 Process 1124: Module MSASN1.dll:
20:4:2:531 2880 Process 1124: Module rsaenh.dll:
20:4:2:531 2880 Process 1124: Module xpsp2res.dll:
20:4:2:546 2880 Process 1124: Module userenv.dll:
20:4:2:578 2880 Process 1124: Module cryptnet.dll:
20:4:2:625 2880 Process 1124: Module SensApi.dll:
20:4:2:640 2880 Process 1124: Module WINHTTP.dll:
20:4:2:687 2880 Process 1124: Module DNSAPI.dll:
20:4:2:687 2880 Process 1124: Module rasadhlp.dll:
20:4:2:796 2880 Process 1124: Module VDMDBG.DLL:
20:4:2:796 2880 Process 1124: Module winrnr.dll:
20:4:2:796 2880 Process 1124: Module msctfime.ime:
20:4:2:875 2880 Process 1124: Module RICHED32.DLL:
20:4:3:0 2880 Process 1124: Module RICHED20.dll:
20:4:3:0 2880 Process 1124: Module msv1_0.dll:
20:4:3:0 2880 Process 1124: Module cryptdll.dll:
20:4:3:46 2880 Process 1312: Module svchost.exe:
20:4:3:93 2880 Process 1312: Module ntdll.dll:
20:4:3:93 2880 Process 1312: Module kernel32.dll:
20:4:3:109 2880 Process 1312: Module ADVAPI32.dll:
20:4:3:125 2880 Process 1312: Module RPCRT4.dll:
20:4:3:140 2880 Process 1312: Module Secur32.dll:
20:4:3:156 2880 Process 1312: Module ShimEng.dll:
20:4:3:171 2880 Process 1312: Module AcGenral.DLL:
20:4:3:187 2880 Process 1312: Module USER32.dll:
20:4:3:187 2880 Process 1312: Module GDI32.dll:
20:4:3:203 2880 Process 1312: Module WINMM.dll:
20:4:3:218 2880 Process 1312: Module ole32.dll:
20:4:3:218 2880 Process 1312: Module msvcrt.dll:
20:4:3:234 2880 Process 1312: Module OLEAUT32.dll:
20:4:3:250 2880 Process 1312: Module MSACM32.dll:
20:4:3:250 2880 Process 1312: Module VERSION.dll:
20:4:3:312 2880 Process 1312: Module SHELL32.dll:
20:4:3:312 2880 Process 1312: Module SHLWAPI.dll:
20:4:3:312 2880 Process 1312: Module USERENV.dll:
20:4:3:312 2880 Process 1312: Module UxTheme.dll:
20:4:3:312 2880 Process 1312: Module IMM32.DLL:
20:4:3:328 2880 Process 1312: Module LPK.DLL:
20:4:3:328 2880 Process 1312: Module USP10.dll:
20:4:3:328 2880 Process 1312: Module SYNCOR11.DLL:
20:4:3:328 2880 Process 1312: Module comctl32.dll:
20:4:3:328 2880 Process 1312: Module comctl32.dll:
20:4:3:328 2880 Process 1312: Module dnsrslvr.dll:
20:4:3:328 2880 Process 1312: Module DNSAPI.dll:
20:4:3:328 2880 Process 1312: Module WS2_32.dll:
20:4:3:328 2880 Process 1312: Module WS2HELP.dll:
20:4:3:328 2880 Process 1312: Module iphlpapi.dll:
20:4:3:328 2880 Process 1312: Module rsaenh.dll:
20:4:3:343 2880 Process 1312: Module mswsock.dll:
20:4:3:343 2880 Process 1312: Module hnetcfg.dll:
20:4:3:343 2880 Process 1312: Module wshtcpip.dll:
20:4:3:343 2880 Process 1480: Module svchost.exe:
20:4:3:343 2880 Process 1480: Module ntdll.dll:
20:4:3:359 2880 Process 1480: Module kernel32.dll:
20:4:3:359 2880 Process 1480: Module ADVAPI32.dll:
20:4:3:359 2880 Process 1480: Module RPCRT4.dll:
20:4:3:375 2880 Process 1480: Module Secur32.dll:
20:4:3:390 2880 Process 1480: Module ShimEng.dll:
20:4:3:390 2880 Process 1480: Module AcGenral.DLL:
20:4:3:390 2880 Process 1480: Module USER32.dll:
20:4:3:390 2880 Process 1480: Module GDI32.dll:
20:4:3:390 2880 Process 1480: Module WINMM.dll:
20:4:3:421 2880 Process 1480: Module ole32.dll:
20:4:3:421 2880 Process 1480: Module msvcrt.dll:
20:4:3:421 2880 Process 1480: Module OLEAUT32.dll:
20:4:3:421 2880 Process 1480: Module MSACM32.dll:
20:4:3:421 2880 Process 1480: Module VERSION.dll:
20:4:3:453 2880 Process 1480: Module SHELL32.dll:
20:4:3:453 2880 Process 1480: Module SHLWAPI.dll:
20:4:3:453 2880 Process 1480: Module USERENV.dll:
20:4:3:468 2880 Process 1480: Module UxTheme.dll:
20:4:3:468 2880 Process 1480: Module IMM32.DLL:
20:4:3:468 2880 Process 1480: Module LPK.DLL:
20:4:3:468 2880 Process 1480: Module USP10.dll:
20:4:3:468 2880 Process 1480: Module SYNCOR11.DLL:
20:4:3:468 2880 Process 1480: Module comctl32.dll:
20:4:3:468 2880 Process 1480: Module comctl32.dll:
20:4:3:468 2880 Process 1480: Module NTMARTA.DLL:
20:4:3:468 2880 Process 1480: Module SAMLIB.dll:
20:4:3:484 2880 Process 1480: Module WLDAP32.dll:
20:4:3:484 2880 Process 1480: Module xpsp2res.dll:
20:4:3:484 2880 Process 1480: Module lmhsvc.dll:
20:4:3:484 2880 Process 1480: Module iphlpapi.dll:
20:4:3:484 2880 Process 1480: Module WS2_32.dll:
20:4:3:484 2880 Process 1480: Module WS2HELP.dll:
20:4:3:484 2880 Process 1480: Module ssdpsrv.dll:
20:4:3:484 2880 Process 1480: Module hnetcfg.dll:
20:4:3:484 2880 Process 1480: Module CLBCATQ.DLL:
20:4:3:500 2880 Process 1480: Module COMRes.dll:
20:4:3:500 2880 Process 1480: Module mswsock.dll:
20:4:3:500 2880 Process 1480: Module wshtcpip.dll:

Husky_
2010-05-09, 21:09
20:4:10:687 2880 Process 300: Module SSSensor.dll:
20:4:10:687 2880 Process 300: Module LgWndHk.dll:
20:4:10:687 2880 Process 300: Module netapi32.dll:
20:4:10:687 2880 Process 300: Module urlmon.dll:
20:4:10:703 2880 Process 300: Module iertutil.dll:
20:4:10:703 2880 Process 376: Module ctfmon.exe:
20:4:10:703 2880 Process 376: Module ntdll.dll:
20:4:10:703 2880 Process 376: Module kernel32.dll:
20:4:10:703 2880 Process 376: Module msvcrt.dll:
20:4:10:718 2880 Process 376: Module ADVAPI32.dll:
20:4:10:734 2880 Process 376: Module RPCRT4.dll:
20:4:10:734 2880 Process 376: Module Secur32.dll:
20:4:10:734 2880 Process 376: Module USER32.dll:
20:4:10:734 2880 Process 376: Module GDI32.dll:
20:4:10:734 2880 Process 376: Module MSCTF.dll:
20:4:10:750 2880 Process 376: Module MSUTB.dll:
20:4:10:750 2880 Process 376: Module ShimEng.dll:
20:4:10:765 2880 Process 376: Module AcGenral.DLL:
20:4:10:765 2880 Process 376: Module WINMM.dll:
20:4:10:781 2880 Process 376: Module ole32.dll:
20:4:10:781 2880 Process 376: Module OLEAUT32.dll:
20:4:10:781 2880 Process 376: Module MSACM32.dll:
20:4:10:781 2880 Process 376: Module VERSION.dll:
20:4:10:796 2880 Process 376: Module SHELL32.dll:
20:4:10:812 2880 Process 376: Module SHLWAPI.dll:
20:4:10:812 2880 Process 376: Module USERENV.dll:
20:4:10:812 2880 Process 376: Module UxTheme.dll:
20:4:10:812 2880 Process 376: Module IMM32.DLL:
20:4:10:812 2880 Process 376: Module LPK.DLL:
20:4:10:812 2880 Process 376: Module USP10.dll:
20:4:10:812 2880 Process 376: Module SYNCOR11.DLL:
20:4:10:812 2880 Process 376: Module comctl32.dll:
20:4:10:828 2880 Process 376: Module msctfime.ime:
20:4:10:828 2880 Process 376: Module RocketDock.dll:
20:4:10:828 2880 Process 376: Module PSAPI.DLL:
20:4:10:828 2880 Process 376: Module SSSensor.dll:
20:4:10:843 2880 Process 376: Module LgMsgHk.dll:
20:4:10:843 2880 Process 376: Module iTchHk.dll:
20:4:10:843 2880 Process 424: Module WindowsSearch.exe:
20:4:10:859 2880 Process 424: Module ntdll.dll:
20:4:10:859 2880 Process 424: Module kernel32.dll:
20:4:10:875 2880 Process 424: Module ADVAPI32.dll:
20:4:10:890 2880 Process 424: Module RPCRT4.dll:
20:4:10:906 2880 Process 424: Module Secur32.dll:
20:4:10:906 2880 Process 424: Module GDI32.dll:
20:4:10:921 2880 Process 424: Module USER32.dll:
20:4:10:921 2880 Process 424: Module msvcrt.dll:
20:4:10:921 2880 Process 424: Module COMCTL32.dll:
20:4:10:921 2880 Process 424: Module SHLWAPI.dll:
20:4:10:921 2880 Process 424: Module ole32.dll:
20:4:10:937 2880 Process 424: Module OLEAUT32.dll:
20:4:10:937 2880 Process 424: Module MSIMG32.dll:
20:4:10:968 2880 Process 424: Module SHELL32.dll:
20:4:10:984 2880 Process 424: Module MPR.dll:
20:4:10:984 2880 Process 424: Module uncdms.dll:
20:4:10:984 2880 Process 424: Module IMM32.DLL:
20:4:10:984 2880 Process 424: Module LPK.DLL:
20:4:10:984 2880 Process 424: Module USP10.dll:
20:4:10:984 2880 Process 424: Module uxtheme.dll:
20:4:10:984 2880 Process 424: Module MSCTF.dll:
20:4:11:0 2880 Process 424: Module CLBCATQ.DLL:
20:4:11:0 2880 Process 424: Module COMRes.dll:
20:4:11:15 2880 Process 424: Module VERSION.dll:
20:4:11:15 2880 Process 424: Module xpsp2res.dll:
20:4:11:78 2880 Process 424: Module mssprxy.dll:
20:4:11:203 2880 Process 424: Module oeph.dll:
20:4:11:203 2880 Process 424: Module urlmon.dll:
20:4:11:234 2880 Process 424: Module iertutil.dll:
20:4:11:312 2880 Process 424: Module mssph.dll:
20:4:11:625 2880 Process 424: Module TQUERY.DLL:
20:4:11:656 2880 Process 424: Module PROPSYS.dll:
20:4:11:656 2880 Process 424: Module WINTRUST.dll:
20:4:11:656 2880 Process 424: Module CRYPT32.dll:
20:4:11:656 2880 Process 424: Module MSASN1.dll:
20:4:11:656 2880 Process 424: Module IMAGEHLP.dll:
20:4:11:656 2880 Process 424: Module NETAPI32.dll:
20:4:11:656 2880 Process 424: Module AUTHZ.dll:
20:4:11:671 2880 Process 424: Module MAPI32.dll:
20:4:11:687 2880 Process 424: Module WindowsSearchRes.dll.mui:
20:4:11:703 2880 Process 424: Module WindowsSearchRes.dll:
20:4:11:734 2880 Process 424: Module WdsMktTools.dll:
20:4:11:750 2880 Process 424: Module WININET.dll:
20:4:11:750 2880 Process 424: Module Normaliz.dll:
20:4:11:750 2880 Process 424: Module mlang.dll:
20:4:11:750 2880 Process 424: Module msxml3.dll:
20:4:11:750 2880 Process 424: Module ws2_32.dll:
20:4:11:765 2880 Process 424: Module WS2HELP.dll:
20:4:11:765 2880 Process 424: Module LgWndHk.dll:
20:4:11:781 2880 Process 424: Module RocketDock.dll:
20:4:11:781 2880 Process 424: Module PSAPI.DLL:
20:4:11:781 2880 Process 424: Module LgMsgHk.dll:
20:4:11:796 2880 Process 424: Module SSSensor.dll:
20:4:11:812 2880 Process 424: Module msi.dll:
20:4:11:875 2880 Process 424: Module msoe.dll:
20:4:11:875 2880 Process 424: Module ATL.DLL:
20:4:11:890 2880 Process 424: Module MSOERT2.dll:
20:4:11:906 2880 Process 424: Module MSOEACCT.dll:
20:4:11:921 2880 Process 424: Module INETCOMM.dll:
20:4:11:937 2880 Process 424: Module acctres.dll:
20:4:11:953 2880 Process 424: Module inetres.dll:
20:4:12:109 2880 Process 424: Module msoeres.dll:
20:4:12:125 2880 Process 424: Module SXS.DLL:
20:4:12:125 2880 Process 424: Module SHDOCVW.DLL:
20:4:12:125 2880 Process 424: Module CRYPTUI.dll:
20:4:12:125 2880 Process 424: Module WLDAP32.dll:
20:4:12:171 2880 Process 424: Module ieframe.dll:
20:4:12:187 2880 Process 424: Module msident.dll:
20:4:12:187 2880 Process 424: Module msidntld.dll:
20:4:12:203 2880 Process 424: Module PSTOREC.DLL:
20:4:12:218 2880 Process 424: Module directdb.dll:
20:4:12:218 2880 Process 424: Module apphelp.dll:
20:4:12:218 2880 Process 424: Module msctfime.ime:
20:4:12:218 2880 Process 424: Module iTchHk.dll:
20:4:12:218 2880 Process 496: Module em_exec.exe:
20:4:12:250 2880 Process 496: Module ntdll.dll:
20:4:12:250 2880 Process 496: Module kernel32.dll:
20:4:12:281 2880 Process 496: Module EVENTEX.dll:
20:4:12:281 2880 Process 496: Module COMNCTR.dll:
20:4:12:328 2880 Process 496: Module MFC42.DLL:
20:4:12:328 2880 Process 496: Module MSVCRT.dll:
20:4:12:328 2880 Process 496: Module GDI32.dll:
20:4:12:328 2880 Process 496: Module USER32.dll:
20:4:12:343 2880 Process 496: Module ADVAPI32.dll:
20:4:12:343 2880 Process 496: Module RPCRT4.dll:
20:4:12:343 2880 Process 496: Module Secur32.dll:
20:4:12:375 2880 Process 496: Module SHELL32.dll:
20:4:12:375 2880 Process 496: Module SHLWAPI.dll:
20:4:12:375 2880 Process 496: Module COMCTL32.dll:
20:4:12:406 2880 Process 496: Module ole32.dll:
20:4:12:421 2880 Process 496: Module OLEAUT32.dll:
20:4:12:421 2880 Process 496: Module IMM32.dll:
20:4:12:437 2880 Process 496: Module MSVCP60.dll:
20:4:12:437 2880 Process 496: Module LPK.DLL:
20:4:12:437 2880 Process 496: Module USP10.dll:
20:4:12:453 2880 Process 496: Module MFC42LOC.DLL:
20:4:12:453 2880 Process 496: Module comctl32.dll:
20:4:12:453 2880 Process 496: Module uxtheme.dll:
20:4:12:453 2880 Process 496: Module MSCTF.dll:
20:4:12:484 2880 Process 496: Module ccresrce.dll:
20:4:12:484 2880 Process 496: Module msctfime.ime:
20:4:12:484 2880 Process 496: Module RocketDock.dll:
20:4:12:484 2880 Process 496: Module PSAPI.DLL:
20:4:12:500 2880 Process 496: Module GlbResLt.dll:
20:4:12:500 2880 Process 496: Module LgMsgHk.dll:
20:4:12:515 2880 Process 496: Module CLBCATQ.DLL:
20:4:12:515 2880 Process 496: Module COMRes.dll:
20:4:12:515 2880 Process 496: Module VERSION.dll:
20:4:12:546 2880 Process 496: Module devices.dll:
20:4:12:562 2880 Process 496: Module ccstmglb.dll:
20:4:12:593 2880 Process 496: Module ccustom.dll:
20:4:12:609 2880 Process 496: Module ccmsghk.dll:
20:4:12:625 2880 Process 496: Module LgWndHk.dll:
20:4:12:625 2880 Process 496: Module SSSensor.dll:
20:4:12:625 2880 Process 616: Module spoolsv.exe:
20:4:12:640 2880 Process 616: Module ntdll.dll:
20:4:12:640 2880 Process 616: Module kernel32.dll:
20:4:12:640 2880 Process 616: Module ADVAPI32.dll:
20:4:12:656 2880 Process 616: Module RPCRT4.dll:
20:4:12:656 2880 Process 616: Module Secur32.dll:
20:4:12:656 2880 Process 616: Module GDI32.dll:
20:4:12:656 2880 Process 616: Module USER32.dll:
20:4:12:671 2880 Process 616: Module msvcrt.dll:
20:4:12:671 2880 Process 616: Module ShimEng.dll:
20:4:12:687 2880 Process 616: Module AcGenral.DLL:
20:4:12:687 2880 Process 616: Module WINMM.dll:
20:4:12:703 2880 Process 616: Module ole32.dll:
20:4:12:703 2880 Process 616: Module OLEAUT32.dll:
20:4:12:703 2880 Process 616: Module MSACM32.dll:
20:4:12:703 2880 Process 616: Module VERSION.dll:
20:4:12:718 2880 Process 616: Module SHELL32.dll:
20:4:12:734 2880 Process 616: Module SHLWAPI.dll:
20:4:12:750 2880 Process 616: Module USERENV.dll:
20:4:12:750 2880 Process 616: Module UxTheme.dll:
20:4:12:750 2880 Process 616: Module IMM32.DLL:
20:4:12:750 2880 Process 616: Module LPK.DLL:
20:4:12:750 2880 Process 616: Module USP10.dll:
20:4:12:750 2880 Process 616: Module SYNCOR11.DLL:
20:4:12:765 2880 Process 616: Module comctl32.dll:
20:4:12:765 2880 Process 616: Module comctl32.dll:
20:4:12:781 2880 Process 616: Module SPOOLSS.DLL:
20:4:12:781 2880 Process 616: Module WS2_32.dll:
20:4:12:781 2880 Process 616: Module WS2HELP.dll:
20:4:12:781 2880 Process 616: Module DNSAPI.dll:
20:4:12:781 2880 Process 616: Module rasadhlp.dll:
20:4:12:796 2880 Process 616: Module localspl.dll:
20:4:12:796 2880 Process 616: Module sfc_os.dll:
20:4:12:796 2880 Process 616: Module WINTRUST.dll:
20:4:12:796 2880 Process 616: Module CRYPT32.dll:
20:4:12:796 2880 Process 616: Module MSASN1.dll:
20:4:12:796 2880 Process 616: Module IMAGEHLP.dll:
20:4:12:796 2880 Process 616: Module winspool.drv:
20:4:12:796 2880 Process 616: Module netapi32.dll:
20:4:12:906 2880 Process 616: Module cnbjmon.dll:
20:4:12:968 2880 Process 616: Module cpwmon2k.dll:
20:4:13:15 2880 Process 616: Module hpzlnt09.dll:
20:4:13:46 2880 Process 616: Module pjlmon.dll:
20:4:13:46 2880 Process 616: Module tcpmon.dll:
20:4:13:46 2880 Process 616: Module usbmon.dll:
20:4:13:62 2880 Process 616: Module filterpipelineprintproc.dll:
20:4:13:62 2880 Process 616: Module mswsock.dll:
20:4:13:62 2880 Process 616: Module winrnr.dll:
20:4:13:62 2880 Process 616: Module WLDAP32.dll:
20:4:13:78 2880 Process 616: Module win32spl.dll:
20:4:13:78 2880 Process 616: Module NETRAP.dll:
20:4:13:78 2880 Process 616: Module NTDSAPI.dll:
20:4:13:78 2880 Process 616: Module CLBCATQ.DLL:
20:4:13:93 2880 Process 616: Module COMRes.dll:
20:4:13:93 2880 Process 616: Module inetpp.dll:
20:4:13:109 2880 Process 616: Module xpsp2res.dll:
20:4:13:109 2880 Process 400: Module svchost.exe:
20:4:13:125 2880 Process 400: Module ntdll.dll:
20:4:13:125 2880 Process 400: Module kernel32.dll:
20:4:13:125 2880 Process 400: Module ADVAPI32.dll:
20:4:13:140 2880 Process 400: Module RPCRT4.dll:
20:4:13:140 2880 Process 400: Module Secur32.dll:
20:4:13:156 2880 Process 400: Module ShimEng.dll:
20:4:13:156 2880 Process 400: Module AcGenral.DLL:
20:4:13:156 2880 Process 400: Module USER32.dll:
20:4:13:156 2880 Process 400: Module GDI32.dll:
20:4:13:171 2880 Process 400: Module WINMM.dll:
20:4:13:171 2880 Process 400: Module ole32.dll:
20:4:13:171 2880 Process 400: Module msvcrt.dll:
20:4:13:171 2880 Process 400: Module OLEAUT32.dll:
20:4:13:187 2880 Process 400: Module MSACM32.dll:
20:4:13:187 2880 Process 400: Module VERSION.dll:
20:4:13:203 2880 Process 400: Module SHELL32.dll:
20:4:13:203 2880 Process 400: Module SHLWAPI.dll:
20:4:13:218 2880 Process 400: Module USERENV.dll:
20:4:13:218 2880 Process 400: Module UxTheme.dll:
20:4:13:218 2880 Process 400: Module IMM32.DLL:
20:4:13:218 2880 Process 400: Module LPK.DLL:
20:4:13:218 2880 Process 400: Module USP10.dll:
20:4:13:218 2880 Process 400: Module SYNCOR11.DLL:
20:4:13:218 2880 Process 400: Module comctl32.dll:
20:4:13:234 2880 Process 400: Module comctl32.dll:
20:4:13:234 2880 Process 400: Module NTMARTA.DLL:
20:4:13:234 2880 Process 400: Module SAMLIB.dll:
20:4:13:234 2880 Process 400: Module WLDAP32.dll:
20:4:13:250 2880 Process 400: Module xpsp2res.dll:
20:4:13:250 2880 Process 400: Module webclnt.dll:
20:4:13:250 2880 Process 400: Module WININET.dll:
20:4:13:250 2880 Process 400: Module Normaliz.dll:
20:4:13:250 2880 Process 400: Module urlmon.dll:
20:4:13:265 2880 Process 400: Module iertutil.dll:
20:4:13:265 2880 Process 400: Module WS2_32.dll:
20:4:13:265 2880 Process 400: Module WS2HELP.dll:
20:4:13:265 2880 Process 1152: Module svchost.exe:
20:4:13:265 2880 Process 1152: Module ntdll.dll:
20:4:13:265 2880 Process 1152: Module kernel32.dll:
20:4:13:281 2880 Process 1152: Module ADVAPI32.dll:
20:4:13:281 2880 Process 1152: Module RPCRT4.dll:
20:4:13:281 2880 Process 1152: Module Secur32.dll:
20:4:13:296 2880 Process 1152: Module ShimEng.dll:
20:4:13:312 2880 Process 1152: Module AcGenral.DLL:
20:4:13:312 2880 Process 1152: Module USER32.dll:
20:4:13:312 2880 Process 1152: Module GDI32.dll:
20:4:13:312 2880 Process 1152: Module WINMM.dll:
20:4:13:328 2880 Process 1152: Module ole32.dll:
20:4:13:328 2880 Process 1152: Module msvcrt.dll:
20:4:13:328 2880 Process 1152: Module OLEAUT32.dll:
20:4:13:328 2880 Process 1152: Module MSACM32.dll:
20:4:13:328 2880 Process 1152: Module VERSION.dll:
20:4:13:359 2880 Process 1152: Module SHELL32.dll:
20:4:13:359 2880 Process 1152: Module SHLWAPI.dll:
20:4:13:359 2880 Process 1152: Module USERENV.dll:
20:4:13:359 2880 Process 1152: Module UxTheme.dll:
20:4:13:359 2880 Process 1152: Module IMM32.DLL:
20:4:13:359 2880 Process 1152: Module LPK.DLL:
20:4:13:359 2880 Process 1152: Module USP10.dll:
20:4:13:359 2880 Process 1152: Module SYNCOR11.DLL:
20:4:13:375 2880 Process 1152: Module comctl32.dll:
20:4:13:375 2880 Process 1152: Module comctl32.dll:
20:4:13:375 2880 Process 1152: Module wiaservc.dll:
20:4:13:375 2880 Process 1152: Module CFGMGR32.dll:
20:4:13:375 2880 Process 1152: Module setupapi.DLL:
20:4:13:375 2880 Process 1152: Module mscms.dll:
20:4:13:375 2880 Process 1152: Module WINSPOOL.DRV:
20:4:13:375 2880 Process 1152: Module WINSTA.dll:
20:4:13:390 2880 Process 1152: Module NETAPI32.dll:
20:4:13:390 2880 Process 1152: Module xpsp2res.dll:
20:4:13:406 2880 Process 1152: Module CLBCATQ.DLL:
20:4:13:406 2880 Process 1152: Module COMRes.dll:
20:4:13:406 2880 Process 1152: Module WINTRUST.dll:
20:4:13:406 2880 Process 1152: Module CRYPT32.dll:
20:4:13:406 2880 Process 1152: Module MSASN1.dll:
20:4:13:406 2880 Process 1152: Module IMAGEHLP.dll:
20:4:13:437 2880 Process 1152: Module actxprxy.dll:
20:4:13:453 2880 Process 1496: Module SearchIndexer.exe:
20:4:13:453 2880 Process 1496: Module ntdll.dll:
20:4:13:468 2880 Process 1496: Module kernel32.dll:
20:4:13:468 2880 Process 1496: Module ADVAPI32.dll:
20:4:13:468 2880 Process 1496: Module RPCRT4.dll:
20:4:13:468 2880 Process 1496: Module Secur32.dll:
20:4:13:468 2880 Process 1496: Module USER32.dll:
20:4:13:484 2880 Process 1496: Module GDI32.dll:
20:4:13:484 2880 Process 1496: Module msvcrt.dll:
20:4:13:500 2880 Process 1496: Module ole32.dll:
20:4:13:500 2880 Process 1496: Module OLEAUT32.dll:
20:4:13:500 2880 Process 1496: Module WTSAPI32.dll:
20:4:13:500 2880 Process 1496: Module WINSTA.dll:
20:4:13:500 2880 Process 1496: Module NETAPI32.dll:
20:4:13:515 2880 Process 1496: Module TQUERY.DLL:
20:4:13:546 2880 Process 1496: Module PROPSYS.dll:
20:4:13:562 2880 Process 1496: Module WINTRUST.dll:
20:4:13:562 2880 Process 1496: Module CRYPT32.dll:
20:4:13:562 2880 Process 1496: Module MSASN1.dll:
20:4:13:562 2880 Process 1496: Module IMAGEHLP.dll:
20:4:13:562 2880 Process 1496: Module SHLWAPI.dll:
20:4:13:593 2880 Process 1496: Module SHELL32.dll:
20:4:13:609 2880 Process 1496: Module USERENV.dll:
20:4:13:609 2880 Process 1496: Module MPR.dll:
20:4:13:609 2880 Process 1496: Module MSSRCH.DLL:
20:4:13:609 2880 Process 1496: Module PSAPI.DLL:
20:4:13:625 2880 Process 1496: Module WSOCK32.dll:
20:4:13:625 2880 Process 1496: Module WS2_32.dll:
20:4:13:640 2880 Process 1496: Module WS2HELP.dll:
20:4:13:656 2880 Process 1496: Module dbghelp.dll:
20:4:13:656 2880 Process 1496: Module VERSION.dll:
20:4:13:656 2880 Process 1496: Module IMM32.DLL:
20:4:13:671 2880 Process 1496: Module LPK.DLL:
20:4:13:687 2880 Process 1496: Module USP10.dll:
20:4:13:687 2880 Process 1496: Module comctl32.dll:
20:4:13:687 2880 Process 1496: Module comctl32.dll:
20:4:13:703 2880 Process 1496: Module xpsp2res.dll:
20:4:13:703 2880 Process 1496: Module CLBCATQ.DLL:
20:4:13:703 2880 Process 1496: Module COMRes.dll:
20:4:13:703 2880 Process 1496: Module Msidle.dll:
20:4:13:703 2880 Process 1496: Module uxtheme.dll:
20:4:13:718 2880 Process 1496: Module query.dll:
20:4:13:734 2880 Process 1496: Module XmlLite.dll:
20:4:13:750 2880 Process 1496: Module tQuery.dll.mui:
20:4:13:750 2880 Process 1496: Module esent.dll:
20:4:13:796 2880 Process 1496: Module msscb.dll:
20:4:13:812 2880 Process 1496: Module NTMARTA.DLL:
20:4:13:812 2880 Process 1496: Module SAMLIB.dll:
20:4:13:812 2880 Process 1496: Module WLDAP32.dll:
20:4:13:828 2880 Process 1496: Module perfproc.dll:
20:4:13:843 2880 Process 1496: Module mssprxy.dll:
20:4:13:859 2880 Process 1496: Module msi.dll:
20:4:13:859 2880 Process 1496: Module SXS.DLL:
20:4:13:859 2880 Process 1496: Module msv1_0.dll:
20:4:13:859 2880 Process 1496: Module cryptdll.dll:
20:4:13:859 2880 Process 1496: Module iphlpapi.dll:
20:4:13:859 2880 Process 1496: Module infosoft.dll:
20:4:13:859 2880 Process 1496: Module SETUPAPI.dll:
20:4:13:875 2880 Process 1496: Module LangWrbk.dll:

Husky_
2010-05-09, 21:10
20:4:17:578 2880 Process 3064: Module LgMsgHk.dll:
20:4:17:593 2880 Process 3064: Module SSSensor.dll:
20:4:17:625 2880 Process 3064: Module softokn3.dll:
20:4:17:640 2880 Process 3064: Module nssdbm3.dll:
20:4:17:703 2880 Process 3064: Module freebl3.dll:
20:4:17:703 2880 Process 3064: Module nssckbi.dll:
20:4:17:703 2880 Process 3064: Module iTchHk.dll:
20:4:17:718 2880 Process 3064: Module mscms.dll:
20:4:17:718 2880 Process 3064: Module rasadhlp.dll:
20:4:17:812 2880 Process 3064: Module FoxyTunes.dll:
20:4:17:812 2880 Process 3064: Module NTMARTA.DLL:
20:4:17:812 2880 Process 3064: Module SAMLIB.dll:
20:4:17:828 2880 Process 3064: Module trayToolkit.dll:
20:4:17:828 2880 Process 3064: Module wdmaud.drv:
20:4:17:828 2880 Process 3064: Module msacm32.drv:
20:4:17:828 2880 Process 3064: Module MSACM32.dll:
20:4:17:828 2880 Process 3064: Module midimap.dll:
20:4:17:828 2880 Process 3064: Module kbdhook.dll:
20:4:17:828 2880 Process 3064: Module mlang.dll:
20:4:17:843 2880 Process 3064: Module schannel.dll:
20:4:17:843 2880 Process 3064: Module USERENV.dll:
20:4:17:843 2880 Process 3064: Module ddraw.dll:
20:4:17:843 2880 Process 3064: Module DCIMAN32.dll:
20:4:17:875 2880 Process 3064: Module devenum.dll:
20:4:17:875 2880 Process 3064: Module msdmo.dll:
20:4:17:906 2880 Process 3064: Module qcap.dll:
20:4:17:937 2880 Process 3064: Module MSVFW32.dll:
20:4:17:984 2880 Process 3064: Module quartz.dll:
20:4:18:31 2880 Process 3064: Module P0630Vfw.dll:
20:4:18:46 2880 Process 3064: Module CFGMGR32.dll:
20:4:18:46 2880 Process 3064: Module cscui.dll:
20:4:18:46 2880 Process 3064: Module CSCDLL.dll:
20:4:18:46 2880 Process 3064: Module RASAPI32.dll:
20:4:18:46 2880 Process 3064: Module rasman.dll:
20:4:18:46 2880 Process 3064: Module TAPI32.dll:
20:4:18:62 2880 Process 3064: Module rtutils.dll:
20:4:18:62 2880 Process 3064: Module msv1_0.dll:
20:4:18:62 2880 Process 3064: Module cryptdll.dll:
20:4:18:62 2880 Process 3064: Module sensapi.dll:
20:4:18:93 2880 Process 3064: Module MSNLNamespaceMgr.dll:
20:4:18:93 2880 Process 3064: Module msi.dll:
20:4:18:125 2880 Process 3064: Module wuapi.dll:
20:4:18:125 2880 Process 3064: Module Cabinet.dll:
20:4:18:125 2880 Process 3064: Module browseui.dll:
20:4:18:125 2880 Process 3064: Module ntshrui.dll:
20:4:18:125 2880 Process 3064: Module ATL.DLL:
20:4:18:156 2880 Process 3064: Module ieframe.dll:
20:4:18:156 2880 Process 3064: Module MPR.dll:
20:4:18:156 2880 Process 3064: Module drprov.dll:
20:4:18:156 2880 Process 3064: Module ntlanman.dll:
20:4:18:156 2880 Process 3064: Module NETUI0.dll:
20:4:18:156 2880 Process 3064: Module NETUI1.dll:
20:4:18:156 2880 Process 3064: Module NETRAP.dll:
20:4:18:156 2880 Process 3064: Module davclnt.dll:
20:4:18:234 2880 Process 3064: Module wpdshext.dll:
20:4:18:250 2880 Process 3064: Module gdiplus.dll:
20:4:18:250 2880 Process 3064: Module PortableDeviceApi.dll:
20:4:18:250 2880 Process 3064: Module shgina.dll:
20:4:18:250 2880 Process 3064: Module MSGINA.dll:
20:4:18:250 2880 Process 3064: Module ODBC32.dll:
20:4:18:250 2880 Process 3064: Module WINSTA.dll:
20:4:18:250 2880 Process 3064: Module odbcint.dll:
20:4:18:281 2880 Process 3064: Module Audiodev.dll:
20:4:18:328 2880 Process 3064: Module WMVCore.DLL:
20:4:18:343 2880 Process 3064: Module WMASF.DLL:
20:4:18:343 2880 Process 3064: Module LINKINFO.dll:
20:4:18:359 2880 Process 3064: Module shmedia.dll:
20:4:18:359 2880 Process 3064: Module AVIFIL32.dll:
20:4:18:375 2880 Process 3552: Module winamp.exe:
20:4:18:375 2880 Hook found 7E3BB144 2D01D43 user32.dll DialogBoxParamA
20:4:18:375 2880 Hook found 7E39EA3B 2D20334 user32.dll CreateDialogParamW
20:4:18:375 2880 Hook found 7E3BC702 2D025CB user32.dll DrawTextA
20:4:18:375 2880 Hook found 7E3BC7DB 2D01DF4 user32.dll CreateDialogParamA
20:4:19:437 2880 AntiIAT: Current process, skipping...
20:4:19:437 2880
20:4:19:437 2880 Scanning Files ...
20:4:19:437 2880 ZBotMainCure System dir scanning
20:4:19:437 2880 ScanDir: Scanning directory: C:\WINDOWS\system32
20:4:19:437 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:437 2880 ZBotMainCure AppData dir scanning
20:4:19:437 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Application Data
20:4:19:437 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:437 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Local Settings\Application Data
20:4:19:437 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:437 2880 ZBotMainCure CommonAppData dir scanning
20:4:19:437 2880 ScanDir: Scanning directory: C:\Documents and Settings\All Users\Application Data
20:4:19:437 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:437 2880 ZBotMainCure Enumerating local profiles dirs
20:4:19:437 2880 ZBotMainCure Processing enum on profile S-1-5-18
20:4:19:437 2880 ScanDir: Scanning directory: C:\WINDOWS\system32\config\systemprofile\Application Data
20:4:19:437 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:453 2880 ScanDir: Scanning directory: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
20:4:19:468 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:468 2880 ScanDir: Scanning directory: C:\WINDOWS\system32\config\systemprofile\Application Data
20:4:19:468 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:468 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Local Settings\Application Data
20:4:19:468 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:468 2880 ZBotMainCure Processing enum on profile S-1-5-19
20:4:19:468 2880 ScanDir: Scanning directory: C:\Documents and Settings\LocalService\Application Data
20:4:19:468 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:468 2880 ScanDir: Scanning directory: C:\Documents and Settings\LocalService\Local Settings\Application Data
20:4:19:468 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:484 2880 ScanDir: Scanning directory: C:\Documents and Settings\LocalService\Application Data
20:4:19:484 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:484 2880 ScanDir: Scanning directory: C:\Documents and Settings\LocalService\Local Settings\Application Data
20:4:19:484 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:484 2880 ZBotMainCure Processing enum on profile S-1-5-20
20:4:19:484 2880 ScanDir: Scanning directory: C:\Documents and Settings\NetworkService\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\NetworkService\Local Settings\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\NetworkService\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\NetworkService\Local Settings\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ZBotMainCure Processing enum on profile S-1-5-21-1715567821-746137067-839522115-1004
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Local Settings\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ScanDir: Scanning directory: C:\Documents and Settings\Dieter\Local Settings\Application Data
20:4:19:500 2880 MyNtCreateFile: NtCreateFile returned status 0
20:4:19:500 2880 ZBotMainCure: Enum stopped on index 4 and status 259
20:4:19:500 2880
20:4:19:500 2880
Completed
Results:
20:4:19:500 2880 Infected files: 0
20:4:19:500 2880 Infected threads: 0
20:4:19:500 2880 Hooked imports: 4
20:4:19:500 2880 Deleted files: 0
20:4:19:500 2880 Fixed registry keys: 0

shelf life
2010-05-10, 01:11
ok thanks for the info. All looks good. You can delete the zbotkiller.exe from your desktop.
Last thing to do is make a new restore point. The how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option. However, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

If all is good on your end, some tips to help stay malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (Windows) (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us), browser (IE, Firefox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check their version status here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*. There is no reason why your computer cannot stay malware free.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and W7 attempts to address.

8) Install and understand the *limitations* of a software firewall. A firewall is not a solution for attempting to control or catch malware sneaking out.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.

Husky_
2010-05-10, 10:05
Hi shelf life,

Many thanks for your help! Can I uninstall Malwarebytes' Anti-Malware as well, or do you recommend using the programme to scan for viruses/trojans on a regular basis?

I have two final questions:
1. I bought this machine in 2004 and, as far as I can remember, it has never been infected. It has definitely been infection-free since 2006. I try to scan my system every week with Spybot and Ad-Aware and I have not changed my internet behaviour and have no P2P programmes installed. Do you have an idea how I could have picked up this specific infection, so I can prevent it from happening again?
2. According to http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Zbot the Zbot trojan steals cached web browser passwords. I have never let Firefox remember my user details (login name and passwords), though I use this machine for PC-banking, and I have some passwords stored in my e-mail client (Thunderbird). Is there a risk my login details for PC-banking and Thunderbird have been stolen? Would you recommend changing them?

Many thanks.

shelf life
2010-05-11, 00:24
hi,


Can I uninstall Malwarebytes' Anti-Malware
I would keep it to use as an anti-malware scanner. Note that the free version must be updated manually and a scan started manually. The paid version offers auto-updates and a real time protection feature that runs in the background.


You can pick up malware lots of ways. See tips # 2, 4, 5, 6 and 10. I couldn't say exactly how you got it. Social engineering tricks are by far the most common. Exploits which could take advantage of an unpatched OS or software are not as common, tip # 1.
You must be doing the right thing if you have been malware free for so long.

I couldn't tell you if the trojan was successful grabbing your login credentials. One indication would be financial transactions that are not your doing. Yes, it couldn't hurt to change all your passwords either. Happy safe surfing.