
Thread: Extremely SLOW PC

  1. #1
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default Extremely SLOW PC

    Hello-
    Our PC has been extremely slow. We have a few different users (our kids) on this PC and my user runs somewhat ok, but a few of the kids users are extremely slow - about 7 minutes to boot. Sometimes the web page freezes. I think I ran Norton a few months back, but I don't recall it coming up with anything. I know our hard drive is getting full, but it is just strange that the different users load so slow. I have even taken the time over the last few months deleting programs they no longer use. Could this be some sort of trojan or virus that is just not being picked up from Norton? Please help - we are extremely frustrated!

    Here is the DDS log:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11
    Run by Owner at 22:13:26 on 2011-09-16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.205 [GMT -5:00]
    .
    AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SoftwareTime\ComputerTime\bin\fbserver.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\Norton Online\Engine\2.2.0.26\ccSvcHst.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\SoftwareTime\ComputerTime\bin\STProxy.exe
    C:\WINDOWS\system32\svchost.exe -k svcboot_lkais
    C:\WINDOWS\system32\svchost.exe
    svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton Online\Engine\2.2.0.26\ccSvcHst.exe
    C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    "C:\WINDOWS\system32\svchost.exe"
    C:\Program Files\SoftwareTime\ComputerTime\bin\ctmn32.exe
    C:\Program Files\SoftwareTime\ComputerTime\bin\stka32.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\QuickTime\QTTask.exe
    D:\iTunesHelper.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\svchost.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
    BHO: Norton Safety Minder BHO: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.2.0.34\coIEPlg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKCU-RunOnce
    mRun: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-Run
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "D:\iTunesHelper.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRunOnce: [*ctmn32] "c:\program files\softwaretime\computertime\bin\ctmn32.exe" HKLM-RunOnce
    StartupFolder: c:\docume~1\julieg~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\windows\system32\STProxy.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: webkins.com\www
    DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://rescam1.b2science.org/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3F815C68-606F-4179-9E43-F7E95177B20C} : DhcpNameServer = 192.168.1.254
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\julie goodwin\application data\mozilla\firefox\profiles\yrou326h.default\
    FF - prefs.js: network.proxy.ftp - :0
    FF - prefs.js: network.proxy.gopher - :0
    FF - prefs.js: network.proxy.http - :0
    FF - prefs.js: network.proxy.socks - :0
    FF - prefs.js: network.proxy.ssl - :0
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: d:\mozilla plugins\npitunes.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc - BRI/1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-3-24 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-3-24 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-3-24 482432]
    R1 ccSet_NOF;Norton Online Settings Manager;c:\windows\system32\drivers\nof\0202000.01a\ccsetx86.sys [2011-9-15 132744]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20110915.030\IDSXpx86.sys [2011-9-15 356280]
    R2 ComputerTimeServer;ComputerTime Server;c:\program files\softwaretime\computertime\bin\fbserver.exe [2010-10-12 3780608]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-20 10448]
    R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-3-24 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-29 105592]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110916.018\NAVENG.SYS [2011-9-16 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20110916.018\NAVEX15.SYS [2011-9-16 1576312]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-26 25704]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-26 25704]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-26 25704]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-26 25704]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-26 25704]
    S2 gupdate1c9b9f9fa17bde8;Google Update Service (gupdate1c9b9f9fa17bde8);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-5-30 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0202000.022\symrdr.sys [2011-9-15 196600]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    .
    =============== Created Last 30 ================
    .
    2011-09-16 02:52:57 196600 ----a-w- c:\windows\system32\drivers\nsm\0202000.022\symrdr.sys
    2011-09-16 02:52:57 172152 ----a-w- c:\windows\system32\drivers\nsm\0202000.022\symrdrs.sys
    2011-09-16 02:52:52 -------- d-----w- c:\windows\system32\drivers\nsm\0202000.022
    2011-09-16 02:52:16 132744 ----a-w- c:\windows\system32\drivers\nof\0202000.01a\ccsetx86.sys
    2011-09-16 02:52:09 -------- d-----w- c:\windows\system32\drivers\nof\0202000.01A
    2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-19 03:15:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-16 21:31:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-08-16 21:31:00 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-06-21 18:45:57 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
    2006-08-25 23:43:48 11817800 -c----w- c:\program files\GoogleEarth.exe
    2002-07-26 22:02:06 153088 -c--a-w- c:\program files\UNWISE.EXE
    .
    ============= FINISH: 22:16:40.81 ===============


    And I think I attached the attach.txt zipped file.
    I'm not an expert at computers and I hope I posted things correctly.
    I wasn't sure if you wanted the S&D run as of yet. If so, let me know - just trying to post correctly.

    Thank you!
    -Julie
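The "Pseudo HJT Report" section of the DDS log above lists browser helper objects, toolbars and Run entries, and a few of them point at nothing (the entries ending in `- No File` or a bare `-`). The script below is an added example, not part of the thread and not DDS's own code, showing how a helper can parse that section and triage it for orphaned CLSID registrations and empty Run values. The sample lines are constructed in the log's layout, and the regular expressions assume the `kind: name: {CLSID} - path` and `hive: [name] command` shapes seen in the post. An orphaned CLSID is a leftover of an uninstalled add-on worth cleaning up, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout of the DDS "Pseudo HJT Report" section
# (same shapes as the log posted above; raw string keeps the backslashes).
SAMPLE_HJT = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
"""


@dataclass
class HjtEntry:
    kind: str    # BHO, TB, uRun, mRun, uRunOnce or mRunOnce
    name: str    # display name or Run value name ("" when DDS printed none)
    clsid: str   # CLSID for BHO/TB entries, "" for Run entries
    target: str  # DLL path, command line, "No File", or "" when missing


# Assumed line shapes (taken from the posted log, not from DDS documentation):
#   BHO: <name>: {CLSID} - <dll>       TB: {CLSID} - No File
#   mRun: [<value name>] <command>
BHO_TB_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<target>.*)$"
)
RUN_RE = re.compile(
    r"^(?P<kind>[um]Run(?:Once)?): \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$"
)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse BHO/TB and Run lines; lines of other kinds are ignored."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_TB_RE.match(line)
        if m:
            entries.append(HjtEntry(m["kind"], m["name"] or "", m["clsid"], m["target"].strip()))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(HjtEntry(m["kind"], m["name"], "", m["target"].strip()))
    return entries


def orphaned_clsids(entries: List[HjtEntry]) -> List[str]:
    """BHO/TB registrations whose DLL DDS could not resolve ("No File" or
    nothing after the dash): leftovers of removed add-ons, safe to clean up."""
    return [e.clsid for e in entries if e.clsid and e.target in ("", "No File")]


def empty_run_values(entries: List[HjtEntry]) -> List[str]:
    """Run values that carry no command at all (the log shows one as [<NO NAME>])."""
    return [e.name for e in entries if not e.clsid and e.target == ""]


def triage(text: str) -> dict:
    """One-call summary a helper can paste into a reply."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "orphaned_clsids": orphaned_clsids(entries),
        "empty_run_values": empty_run_values(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT).items():
        print(f"{key}: {value}")
```

Run it as-is to triage the constructed sample; to use it on a real log, feed the text between the `Pseudo HJT Report` and `FIREFOX` headers to `triage()`. Entries with a resolvable DLL are left alone on purpose: deciding whether a present toolbar is unwanted is a judgement for the helper, not the parser.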

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default

    Thank you for helping!
    I have gone through tools so that I get updates on replies.
    This weekend is a little crazy and I will be away from the computer (off and on), so please be patient with me : )
    Thank you!!!

  4. #4
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello gilmore,

    Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.

    If you are agreeable to the above, then everything should go smoothly. We may begin.

    --------------------

    Please download aswMBR and save it to your desktop. Click here.
    • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
    • If you need help to disable your protection programs see here and here.
    • Double click the aswMBR.exe file to run it. If you are asked to download an antivirus software, please allow.
    • Click on the Scan button to start. The program will launch a scan.
    • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
    • Please post the contents of the log in your next reply.


    --------------------

    Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

    Run MBAM
    • Double click on mbam-setup.exe and follow the prompts to install the program.
    • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
    • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
    • Leave the default options as they are and click on Start Scan.
    • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
    • When done, you will be prompted. Click OK, then click on Show Results.
    • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
    • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.


    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

    --------------------

    Please download MiniToolBox© by farbar and save it to your desktop. Click here.
    • Double click on MiniToolBox.exe to run it.
      Please check (tick) the following options:
      • List last 10 Event Viewer Errors
      • List Users, Partitions and Memory size.
      • List Minidump Files
    • Click on the GO button. A log will open.
    • Please post the contents of this log. It can also be found on the desktop as Result.txt.


    --------------------

    Please post back:
    1. aswMBR log
    2. MBAM report
    3. MiniToolBox result

  5. #5
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default

    I kept checking my email all weekend looking for a notification. It didn't occur to me that it would shoot into my junk mail - sorry for the delay. The Malwarebytes' took almost 6 hours - wow, is that normal? I also accidentally clicked on some sort of cyber program that downloaded by accident. Had to wait until the Malwarebytes scan finished and then deleted it - I hope that was ok to do.
    Here are the three reports requested:

    Mini Tool box:
    MiniToolBox by Farbar
    Ran by Julie (administrator) on 26-09-2011 at 17:28:05
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/22/2011 05:53:54 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/22/2011 05:53:53 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/22/2011 03:45:27 PM) (Source: Application Error) (User: )
    Description: Faulting application ccsvchst.exe, version 11.1.0.16, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
    Processing media-specific event for [ccsvchst.exe!ws!]


    System errors:
    =============




    Malwarebytes:
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7801

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    9/26/2011 3:09:18 PM
    mbam-log-2011-09-26 (15-09-17).txt

    Scan type: Full scan (C:\|D:\|G:\|)
    Objects scanned: 532098
    Time elapsed: 5 hour(s), 44 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.




    aswMBR:
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-26 08:15:51
    -----------------------------
    08:15:51.082 OS Version: Windows 5.1.2600 Service Pack 3
    08:15:51.082 Number of processors: 2 586 0x409
    08:15:51.082 ComputerName: HOMESCHOOL UserName:
    08:15:52.566 Initialize success
    08:17:51.082 AVAST engine defs: 11092600
    08:19:43.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
    08:19:43.675 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
    08:19:45.691 Disk 0 MBR read successfully
    08:19:45.691 Disk 0 MBR scan
    08:19:45.754 Disk 0 unknown MBR code
    08:19:45.769 Disk 0 scanning sectors +312496380
    08:19:45.832 Disk 0 scanning C:\WINDOWS\system32\drivers
    08:20:07.957 Service scanning
    08:20:09.488 Modules scanning
    08:20:18.129 Disk 0 trace - called modules:
    08:20:18.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    08:20:18.160 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d85ab8]
    08:20:18.160 3 CLASSPNP.SYS[f763efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d52b00]
    08:20:19.394 AVAST engine scan C:\WINDOWS
    08:20:51.316 AVAST engine scan C:\WINDOWS\system32
    08:23:36.066 AVAST engine scan C:\WINDOWS\system32\drivers
    08:24:03.035 AVAST engine scan C:\Documents and Settings\Julie
    08:27:54.269 AVAST engine scan C:\Documents and Settings\All Users
    08:34:56.972 Scan finished successfully
    08:36:04.191 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julie \Desktop\MBR.dat"
    08:36:04.191 The log file has been saved successfully to "C:\Documents and Settings\Julie \Desktop\aswMBR.txt"
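The Malwarebytes report above gives a count per category and then the detections themselves, and the reply that follows shows why a helper first checks whether a pasted log is complete. The script below is an added example, not Malwarebytes' code and not part of the thread: it parses a log in that 1.x layout into structured detections, verifies that every summary count matches the items actually listed (a truncated paste shows up immediately), and pulls out the Security Center notification switches that were reset. The sample is constructed in the layout of the posted report, and the section and item patterns are assumptions about that layout, not a documented format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.x log
# (same shape as the report posted above; raw string keeps the backslashes).
SAMPLE_MBAM = r"""Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7801

Scan type: Full scan (C:\|D:\|G:\|)
Objects scanned: 532098
Time elapsed: 5 hour(s), 44 minute(s), 19 second(s)

Memory Processes Infected: 0
Registry Keys Infected: 1
Registry Data Items Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\RECYCLER\adapt_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Assumed line shapes, taken from the posted report:
#   "<Section> Infected: <n>"   summary line
#   "<Section> Infected:"       start of the item list for that section
#   "<item> (<family>) -> ... -> <action>"
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\)(?P<rest>.*)$")


@dataclass
class Detection:
    section: str
    item: str    # registry key, value name or file path
    family: str  # MBAM detection name, e.g. Trojan.Agent
    action: str  # what MBAM did with it (last "->" clause)


@dataclass
class MbamReport:
    meta: Dict[str, str] = field(default_factory=dict)
    summary: Dict[str, int] = field(default_factory=dict)
    items: Dict[str, List[Detection]] = field(default_factory=dict)


def parse_mbam(text: str) -> MbamReport:
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report.summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            report.items.setdefault(section, [])
            continue
        if section is None:            # header block before any section
            if ": " in line:
                key, value = line.split(": ", 1)
                report.meta[key] = value
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        m = ITEM_RE.match(line)
        if m:
            action = m["rest"].split("-> ")[-1].strip()
            report.items[section].append(Detection(section, m["item"], m["family"], action))
    return report


def count_mismatches(report: MbamReport) -> List[str]:
    """Sections whose header count differs from the items listed under them:
    the quickest sign that a pasted log was cut short."""
    return [s for s, n in report.summary.items() if n != len(report.items.get(s, []))]


def security_center_tampering(report: MbamReport) -> List[str]:
    """Security Center switches MBAM reset. AntiVirusDisableNotify and
    FirewallDisableNotify set to 1 silence the warning the user would get
    when protection is off, so a helper wants them called out explicitly."""
    return [d.item.rsplit("\\", 1)[-1]
            for d in report.items.get("Registry Data Items Infected", [])
            if "Security Center" in d.item]


def families(report: MbamReport) -> List[str]:
    return sorted({d.family for ds in report.items.values() for d in ds})


if __name__ == "__main__":
    r = parse_mbam(SAMPLE_MBAM)
    print("database:", r.meta.get("Database version"))
    print("incomplete sections:", count_mismatches(r))
    print("families:", families(r))
    print("security center switches reset:", security_center_tampering(r))
```

The completeness check is the part worth keeping in a helper's toolbox: a log that ends mid-section still parses, but `count_mismatches()` names the section whose items are missing, which is the same judgement the next reply in this thread makes by eye for the MiniToolBox output.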

  6. #6
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello gilmore,

    No worries about the timing. As long as you reply within 3 days, it is good enough for me. Scan time depends very much on the severity of infection, the size of your hard drive and the number of files. Looking at what you have, yes, I would say it is normal for Malwarebytes' Anti-Malware to need 6 hours.

    The MiniToolBox result appears incomplete. Could you please check the log file? If it is incomplete, please run it again and post back the results.

  7. #7
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default

    Here are the MiniToolBox results:
    MiniToolBox by Farbar
    Ran by Julie (administrator) on 26-09-2011 at 19:54:50
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (09/26/2011 05:45:56 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/26/2011 05:45:44 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/26/2011 05:45:43 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: An error occurred during recovery, preventing the database 'msdb' (database ID 4) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: The log scan number (103:80:1) passed to log scan in database 'msdb' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

    Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS) (User: )
    Description: Server-level event notifications can not be delivered. Either Service Broker is disabled in msdb, or msdsb failed to start. Event notifications in other databases could be affected as well. Bring msdb online, or enable Service Broker.


    System errors:
    =============
    Error: (09/26/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
    Description: The STProxy service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/26/2011 05:47:18 PM) (Source: Service Control Manager) (User: )
    Description: The STProxy service hung on starting.

    Error: (09/26/2011 05:15:33 PM) (Source: Service Control Manager) (User: )
    Description: The Process creation detector. service failed to start due to the following error:
    %%2

    Error: (09/26/2011 05:15:32 PM) (Source: Service Control Manager) (User: )
    Description: The Process creation detector. service failed to start due to the following error:
    %%2

    Error: (09/26/2011 05:15:32 PM) (Source: Service Control Manager) (User: )
    Description: The Process creation detector. service failed to start due to the following error:
    %%2

    Error: (09/26/2011 03:17:46 PM) (Source: Service Control Manager) (User: )
    Description: The STProxy service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/26/2011 03:17:38 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    IntelIde

    Error: (09/26/2011 03:17:38 PM) (Source: Service Control Manager) (User: )
    Description: The STProxy service hung on starting.

    Error: (09/26/2011 08:02:13 AM) (Source: Service Control Manager) (User: )
    Description: The SeaPort service failed to start due to the following error:
    %%1053

    Error: (09/26/2011 08:02:13 AM) (Source: Service Control Manager) (User: )
    Description: Timeout (30000 milliseconds) waiting for the SeaPort service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (09/26/2011 05:45:56 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description:

    Error: (09/26/2011 05:45:44 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: msdb4

    Error: (09/26/2011 05:45:43 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: (103:80:1)msdb

    Error: (09/26/2011 03:16:23 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description:

    Error: (09/26/2011 03:16:09 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: msdb4

    Error: (09/26/2011 03:16:08 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: (103:80:1)msdb

    Error: (09/26/2011 08:01:41 AM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description:

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: msdb4

    Error: (09/26/2011 08:01:21 AM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description: (103:80:1)msdb

    Error: (09/22/2011 05:54:15 PM) (Source: MSSQL$SQLEXPRESS)(User: )
    Description:


    ========================= Memory info: ===================================

    Percentage of memory in use: 65%
    Total physical RAM: 1014.07 MB
    Available physical RAM: 351.04 MB
    Total Pagefile: 2440.82 MB
    Available Pagefile: 1864.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1967.65 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:108.59 GB) (Free:22.78 GB) NTFS
    2 Drive d: (Backup) (Fixed) (Total:37.24 GB) (Free:37.03 GB) NTFS
    3 Drive e: (Math 6 - 1) (CDROM) (Total:0.4 GB) (Free:0 GB) CDFS
    5 Drive g: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:379.98 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\HOMESCHOOL

    Administrator Dad Guest
    HelpAssistant Julie Madison
    Patrick PJG Sean
    SUPPORT_388945a0

    ========================= Minidump Files ==================================

    C:\WINDOWS\Minidump\Mini051310-01.dmp
    C:\WINDOWS\Minidump\Mini051810-01.dmp
    C:\WINDOWS\Minidump\Mini052610-01.dmp
    C:\WINDOWS\Minidump\Mini060711-01.dmp

    **** End of log ****

  8. #8
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello gilmore ,

    Firstly, the RAM is marginally adequate. You might want to consider upgrading.

    Next, let's clear off some clutter.

    Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Run ATF Cleaner
    • Exit all browsers.
    • Double-click ATF Cleaner.exe to open it.
    • Click Run if prompted.
    • At the bottom of the list, check (tick) Select All.
    • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
    • Then click the Empty Selected button.
    • Firefox:
      • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
      • Click the Empty Selected button.
      • Note: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    --------------------

    Check your hard disk for error
    • Go to Start > Run.... Copy and paste the following text into the white box:
      Code:
      cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    • Click OK. A command prompt window will appear for a while. Please wait until it closes.
    • Post the contents of checkhd.txt. It is found on your desktop.


    --------------------

    Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

    Please download Rootkit Unhooker and save it to your desktop. Click here.
    • Double click RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Ensure the following are checked (ticked):
      • Drivers
      • Stealth Code
      • Files
      • Code Hooks
    • Uncheck the rest, then click OK. An initial scan will be performed.
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
    • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
    • Save the report somewhere you can find it. Click Close to exit.
    • Copy the entire contents of the report and paste it in your next reply.


    You may get a warning about parasite detection. Please click OK to continue.

    --------------------

    Please post back:
    1. chkdsk result
    2. Rootkit Unhooker log
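
    As an added example written for this thread (not code from the thread or from the Rootkit Unhooker tool), here is a small Python script that reads a report in the layout RkU LE produces and pulls out what a helper reads first: loaded drivers with no publisher string, the Stealth warnings, hidden files, and the hooks, with those whose destination the scanner could not map to any loaded image listed separately. The sample report embedded in it is constructed, and the record formats are assumed from the report layout as it appears in this thread.

```python
"""Triage helper for a Rootkit Unhooker (RkU) LE text report (added example, not RkU's own code)."""
import re
from collections import defaultdict

# Constructed sample in the RkU LE layout seen in this thread; it is not a real scan result.
SAMPLE_REPORT = r"""RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0xF7406000 SYMEFA.SYS 323584 bytes
0xAA169000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA8D92000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [Hdaudio.sys]
WARNING: Virus alike driver modification [mcd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-160E1F62.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D4CC, Type: Inline - RelativeJump 0x805044CC-->805044AF [ntkrnlpa.exe]
[1156]SetPoint.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0044714C-->01930000 [unknown_code_page]
[1156]SetPoint.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00447140-->01960000 [unknown_code_page]
"""

# One regex per record type (assumed from the report layout); a line matching none is kept under "unparsed".
DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8} (?P<image>.+?) (?P<size>\d+) bytes(?: \((?P<info>.+)\))?$")
STEALTH_RE = re.compile(r"^WARNING: (?P<text>.+) \[(?P<driver>[^\]]+)\]$")
HIDDEN_RE = re.compile(r"^!-->\[Hidden\] (?P<path>.+)$")
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>\S+?)-->)?(?P<where>.+?), Type: (?P<kind>.+?) "
    r"0x(?P<src>[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+) \[(?P<target>[^\]]+)\]$"
)

def parse_sections(report_text):
    """Split the report into {section: [lines]} on the '>Section' markers, dropping rules and blanks."""
    sections = defaultdict(list)
    current = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        if line.startswith(">"):
            current = line[1:].strip()
        elif current is not None:
            sections[current].append(line)
    return sections

def _extract(lines, regex, group, out, key):
    """Append regex group `group` of each matching line to out[key]; non-matching lines go to out['unparsed']."""
    for line in lines:
        m = regex.match(line)
        out[key if m else "unparsed"].append(m.group(group) if m else line)

def triage(report_text):
    """Return the findings a helper looks at first. Every item is a review point, not a verdict."""
    sections = parse_sections(report_text)
    out = {
        "drivers_without_vendor": [],      # loaded drivers carrying no publisher/description string
        "stealth_warnings": [],            # driver names the scanner reports as modified
        "hidden_files": [],                # objects hidden from the normal file-system view
        "kernel_inline_hooks": [],         # inline patches inside the kernel image
        "iat_hooks_by_process": defaultdict(list),  # per-process import-table redirections
        "hooks_into_unattributed_memory": [],       # hook destinations not mapped to any loaded image
        "unparsed": [],
    }
    for line in sections.get("Drivers", []):
        m = DRIVER_RE.match(line)
        if m is None:
            out["unparsed"].append(line)
            continue
        name = m.group("image").rsplit("\\", 1)[-1]
        # dump_*.sys images are the crash-dump copies Windows makes of the boot storage driver, so skip them.
        if m.group("info") is None and not name.lower().startswith("dump_"):
            out["drivers_without_vendor"].append(name)
    _extract(sections.get("Stealth", []), STEALTH_RE, "driver", out, "stealth_warnings")
    _extract(sections.get("Files", []), HIDDEN_RE, "path", out, "hidden_files")
    for line in sections.get("Hooks", []):
        m = HOOK_RE.match(line)
        if m is None:
            out["unparsed"].append(line)
            continue
        hook = {"at": m.group("where"), "kind": m.group("kind"), "to": "0x" + m.group("dst"), "target": m.group("target")}
        if m.group("pid"):
            out["iat_hooks_by_process"][f"{m.group('proc')} (pid {m.group('pid')})"].append(hook)
        else:
            out["kernel_inline_hooks"].append(hook)
        # A destination the scanner could not attribute to a loaded module is the first thing to review.
        if hook["target"] == "unknown_code_page":
            out["hooks_into_unattributed_memory"].append(hook)
    out["iat_hooks_by_process"] = dict(out["iat_hooks_by_process"])
    return out
```

Feed `triage()` the saved report text; the `unparsed` list tells you which lines the assumed record formats did not cover.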

  9. #9
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default

    I ran the ATF Cleaner, then the checkhd.txt and the Rootkit. Posting in two posts because the log is too long.
    Thank you!
    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    CHKDSK is verifying indexes (stage 2 of 3)...
    CHKDSK is recovering lost files.
    Recovering orphaned file ETILQS~2 (18017) into directory file 2612.
    Recovering orphaned file etilqs_CCXIClg2H89RbJi (18017) into directory file 2612.
    Recovering orphaned file EXTENS~2.SQL (50430) into directory file 178084.
    Recovering orphaned file extensions.sqlite-journal (50430) into directory file 178084.
    Recovering orphaned file PLACES~2.SQL (66750) into directory file 178084.
    Recovering orphaned file places.sqlite-wal (66750) into directory file 178084.
    Recovering orphaned file parent.lock (148866) into directory file 178084.
    Recovering orphaned file PARENT~1.LOC (148866) into directory file 178084.
    Recovering orphaned file COOKIE~2.SQL (153131) into directory file 178084.
    Recovering orphaned file cookies.sqlite-wal (153131) into directory file 178084.
    Recovering orphaned file COOKIE~3.SQL (153136) into directory file 178084.
    Recovering orphaned file cookies.sqlite-shm (153136) into directory file 178084.
    Recovering orphaned file PLACES~3.SQL (153139) into directory file 178084.
    Recovering orphaned file places.sqlite-shm (153139) into directory file 178084.
    CHKDSK is verifying security descriptors (stage 3 of 3)...
    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Correcting errors in the master file table's (MFT) BITMAP attribute.
    Correcting errors in the Volume Bitmap.
    Windows found problems with the file system.
    Run CHKDSK with the /F (fix) option to correct these.

    113860687 KB total disk space.
    89111524 KB in 152859 files.
    65200 KB in 31505 indexes.
    0 KB in bad sectors.
    547311 KB in use by the system.
    65536 KB occupied by the log file.
    24136652 KB available on disk.

    4096 bytes in each allocation unit.
    28465171 total allocation units on disk.
    6034163 allocation units available on disk.
    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF716D000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1306624 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xF6FB7000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xAA6C8000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
    0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 929792 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0xF6F10000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xF734C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xAA2FC000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
    0xAA181000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0xAA3F3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xAA395000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xF6DA0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xAA4D8000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110923.030\IDSxpx86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
    0xAA5F0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA9A97000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xF7406000 SYMEFA.SYS 323584 bytes
    0xBF15A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xAA2BA000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
    0xA9BDF000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
    0xF70D9000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xAA5BC000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
    0xF74CF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xF6D72000 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 188416 bytes (Pinnacle Systems GmbH, Pinnacle Marvin Discrete Bus Enumerator)
    0xA9D38000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF731F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xAA463000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF7131000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xAA4B0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF6EEA000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
    0xAA596000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xAA548000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
    0xAA67C000 C:\WINDOWS\system32\drivers\NOF\0202000.01A\ccSetx86.sys 147456 bytes (Symantec Corporation, Common Client Settings Driver)
    0xF6EC6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF710D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF70B6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xAA48E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF7467000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF749F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xAA377000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xF7305000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF7487000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xA9FAB000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
    0xAA169000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF73D9000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF6EAF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA9FC3000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xA9F95000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF73F0000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
    0xAA533000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
    0xA91D8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF7159000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xAA649000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF7455000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xA98A5000 C:\WINDOWS\system32\drivers\tmcomm.sys 73728 bytes (Trend Micro Inc., TrendMicro Common Module)
    0xF74BE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6E9E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF782E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF768E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF76CE000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF769E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xAA0A1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF779E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
    0xF783E000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0xF763E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF771E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF761E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF773E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF77FE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF76AE000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF760E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF772E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xAA29A000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xF75FE000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF776E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF77EE000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
    0xF775E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF76BE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
    0xF76DE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
    0xF76EE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
    0xF76FE000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
    0xF770E000 C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys 40960 bytes (Wondershare, Wondershare Virtual Audio Device)
    0xA8D92000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF762E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF784E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xF767E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF774E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF77CE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF764E000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xF77BE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF79BE000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xF79C6000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
    0xF78EE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF7896000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF798E000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
    0xF78DE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
    0xF79B6000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF78D6000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xAA111000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF79E6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF787E000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF78FE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
    0xF796E000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF79CE000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xF7906000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF797E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF799E000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
    0xF7986000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF78CE000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF79EE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF79FE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF7886000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7966000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7976000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF7956000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7A06000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xAA031000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF72AC000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF72C8000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF7ACE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xAA035000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF6D56000 C:\WINDOWS\system32\drivers\pclepci.sys 16384 bytes (Pinnacle Systems GmbH, PCLEPCI)
    0xA9F85000 C:\WINDOWS\system32\DRIVERS\wpsnuio.sys 16384 bytes (Skyhook Wireless, WPS NDIS User Mode I/O Driver)
    0xF7A0E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xAA57A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xAA6A8000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xF7A8E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xA9C44000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
    0xF72B4000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xF7ABA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF7AA6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF6D66000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xF7B36000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7B1E000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xF7BB4000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7B82000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
    0xF7B66000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF7B32000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7B02000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xF7AFE000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7B3A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7B3E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7B24000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
    0xF7B28000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF7B2E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7B00000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7D11000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7C16000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xF7D0B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7CA8000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xF7C0A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7BC6000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    WARNING: Virus alike driver modification [Hdaudio.sys]
    WARNING: Virus alike driver modification [cpqdap01.sys]
    WARNING: Virus alike driver modification [nikedrv.sys]
    WARNING: Virus alike driver modification [rio8drv.sys]
    WARNING: Virus alike driver modification [riodrv.sys]
    WARNING: Virus alike driver modification [fsvga.sys]
    WARNING: Virus alike driver modification [smclib.sys]
    WARNING: Virus alike driver modification [iqvw32.sys]
    WARNING: Virus alike driver modification [tsbvcap.sys]
    WARNING: Virus alike driver modification [emStream.sys]
    WARNING: Virus alike driver modification [atwpkt2.sys]
    WARNING: Virus alike driver modification [cinemst2.sys]
    WARNING: Virus alike driver modification [atmepvc.sys]
    WARNING: Virus alike driver modification [atwpkt264.sys]
    WARNING: Virus alike driver modification [rawwan.sys]
    WARNING: Virus alike driver modification [atmuni.sys]
    WARNING: Virus alike driver modification [tosdvd.sys]
    WARNING: Virus alike driver modification [nwlnkspx.sys]
    WARNING: Virus alike driver modification [vdmindvd.sys]
    WARNING: Virus alike driver modification [rootmdm.sys]
    WARNING: Virus alike driver modification [nwlnknb.sys]
    WARNING: Virus alike driver modification [mcd.sys]
    ==============================================
    >Files
    ==============================================
    !-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
    !-->[Hidden] C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-160E1F62.pf
    ==============================================
    >Hooks
    ==============================================

    *** Continued next post ***

  10. #10
    Member
    Join Date
    Sep 2011
    Posts
    31

    Default

    *** Continued ***
    [3224]ctmn32.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->022A0000 [unknown_code_page]
    [3224]ctmn32.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->02290000 [unknown_code_page]
    [3224]ctmn32.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->021F0000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x3D93127C-->021E0000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x3D931284-->02240000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->02220000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->02210000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->022A0000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->02290000 [unknown_code_page]
    [3224]ctmn32.exe-->wininet.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x3D931470-->021F0000 [unknown_code_page]
    [3224]ctmn32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->02220000 [unknown_code_page]
    [3224]ctmn32.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->02210000 [unknown_code_page]
    [3224]ctmn32.exe-->ws2_32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x71AB10D0-->021F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->017B0000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->016F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->01700000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->01780000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->01750000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->01730000 [unknown_code_page]
    [3420]AdobeARM.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->01710000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x77A8120C-->01790000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77A81210-->016F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x77A81214-->017A0000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77A81218-->01700000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->017C0000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->01780000 [unknown_code_page]
    [3420]AdobeARM.exe-->crypt32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77A811AC-->01710000 [unknown_code_page]
    [3420]AdobeARM.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->01780000 [unknown_code_page]
    [3420]AdobeARM.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->01750000 [unknown_code_page]
    [3420]AdobeARM.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->01710000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x004663C0-->016F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x004662C4-->01700000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004663C8-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00466270-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004663CC-->01750000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->OpenProcess, Type: IAT modification 0x00466320-->01730000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->SuspendThread, Type: IAT modification 0x0046628C-->01720000 [unknown_code_page]
    [3420]AdobeARM.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x004661DC-->01710000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->01790000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->017B0000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->016F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->017A0000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->01700000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->017C0000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->01780000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->01750000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->01730000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->01710000 [unknown_code_page]
    [3420]AdobeARM.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->01770000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x004665D4-->01770000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->016F0000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->01700000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->01760000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->01740000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->01780000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->01750000 [unknown_code_page]
    [3420]AdobeARM.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->01710000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->00DA0000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->00D70000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->00D90000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00D50000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00D40000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00DD0000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00DC0000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00DB0000 [unknown_code_page]
    [3572]ctfmon.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00D30000 [unknown_code_page]
    [3572]ctfmon.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00D50000 [unknown_code_page]
    [3572]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00D40000 [unknown_code_page]
    [3572]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00DD0000 [unknown_code_page]
    [3572]ctfmon.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00DC0000 [unknown_code_page]
    [3572]ctfmon.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00D30000 [unknown_code_page]
    [3572]ctfmon.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00401098-->00D50000 [unknown_code_page]
    [3572]ctfmon.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00D40000 [unknown_code_page]
    [3572]ctfmon.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x0040107C-->00D30000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00D60000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->00DA0000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->00D70000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->00D80000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->00D90000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00D50000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00D40000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00DE0000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00DD0000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00DC0000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00DB0000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00D30000 [unknown_code_page]
    [3572]ctfmon.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00DF0000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->00D70000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->00D90000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00D50000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00D40000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00DD0000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00DC0000 [unknown_code_page]
    [3572]ctfmon.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00D30000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->00C90000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->00C30000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->00C50000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00C70000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00C60000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00C10000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00C80000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->00CA0000 [unknown_code_page]
    [3620]wscntfy.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->00C00000 [unknown_code_page]
    [3620]wscntfy.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00C70000 [unknown_code_page]
    [3620]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00C60000 [unknown_code_page]
    [3620]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00C10000 [unknown_code_page]
    [3620]wscntfy.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00C80000 [unknown_code_page]
    [3620]wscntfy.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->00C00000 [unknown_code_page]
    [3620]wscntfy.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001024-->00C10000 [unknown_code_page]
    [3620]wscntfy.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x0100103C-->00C00000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->00C20000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->00C90000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->00C30000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->00C40000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->00C50000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00C70000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00C60000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00CB0000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00C10000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00C80000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->00CA0000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->00C00000 [unknown_code_page]
    [3620]wscntfy.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->00CC0000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->00C30000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->00C50000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00C70000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00C60000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00C10000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00C80000 [unknown_code_page]
    [3620]wscntfy.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->00C00000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->09CF0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->09CD0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->09CE0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->09D00000 [unknown_code_page]
    [3892]iTunesHelper.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x77A8120C-->09D20000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77A81210-->09CD0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x77A81214-->09D30000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77A81218-->09CE0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->09D40000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->crypt32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77A811AC-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00408018-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004080C8-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040802C-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x0040803C-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->09D20000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->09CF0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->09CD0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->09D30000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->09CE0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->09D40000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->09D00000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->09D50000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->09CD0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->09CE0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x3D93127C-->09D20000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x3D931284-->09D30000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->09D10000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->09CB0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->wininet.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x3D931470-->09C90000 [unknown_code_page]
    [3892]iTunesHelper.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->09CC0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->09CA0000 [unknown_code_page]
    [3892]iTunesHelper.exe-->ws2_32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x71AB10D0-->09C90000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x77DD1060-->027F0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77DD1234-->027B0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77DD1064-->027C0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->027E0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->027D0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x77DD11FC-->02800000 [unknown_code_page]
    [4560]KHALMNPR.exe-->advapi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77DD1164-->02780000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x77A8120C-->02810000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77A81210-->027B0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x77A81214-->02820000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77A81218-->027C0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A81190-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A811F8-->02830000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A811FC-->027E0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->crypt32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77A811AC-->02780000 [unknown_code_page]
    [4560]KHALMNPR.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->027E0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->027D0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->gdi32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x77F11038-->02780000 [unknown_code_page]
    [4560]KHALMNPR.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004130DC-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x004130D4-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x004130F8-->02780000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->FindFirstFileA, Type: IAT modification 0x7C9C12BC-->02810000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->FindFirstFileExW, Type: IAT modification 0x7C9C13B0-->027F0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7C9C15E8-->027B0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->FindNextFileA, Type: IAT modification 0x7C9C12C4-->02820000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7C9C15EC-->027C0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->02830000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->027E0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->027D0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->OpenProcess, Type: IAT modification 0x7C9C1568-->02800000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7C9C13E0-->02780000 [unknown_code_page]
    [4560]KHALMNPR.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x7C9C1E7C-->02840000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x7E4112B4-->027B0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x7E4112B0-->027C0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->027A0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->02790000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->027E0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->027D0000 [unknown_code_page]
    [4560]KHALMNPR.exe-->user32.dll-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x7E4112FC-->02780000 [unknown_code_page]


    !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
